The page forgotpass.php should come with captcha feature to prevent abusing it

Bug #1728473 reported by Son Nguyen on 2017-10-30
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Mahara | | High | Unassigned |
16.10 | | High | Unassigned |
17.04 | | High | Unassigned |
17.10 | | High | Unassigned |
18.04 | | High | Unassigned |

Bug Description

Version: master

Hi Maharians,

In the page "Forgotten your username or password?", I would have a captcha form or similar feature to prevent the abuse.
Also the error message should be generic such as "Sorry, invalid data." or "An email has been (will shortly be) sent to ... Please follow the instruction in it".

Robert Lyon (robertl-9) wrote :

Hi Son,

They are good points you make - will fix up asap

Cheers

Robert

Changed in mahara:
milestone: none → 18.04.0
importance: Undecided → High
status: New → In Progress
Changed in mahara:
importance: High → Wishlist
Robert Lyon (robertl-9) wrote :

The patch here deals with some of the problems mentioned in https://bugs.launchpad.net/mahara/+bug/1203924, namely adding a captcha to the form (if captcha info is set up in admin) and returning a generic message whether user was successful or not.

Robert Lyon (robertl-9) on 2018-01-17
information type: Private Security → Public Security
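
The behaviour discussed in this report (a captcha check only when one is configured, and one generic message whether or not an account matched), sketched as an added example that is not part of the bug report and is not Mahara's patch. The function name, form fields, message text and sample accounts are all assumptions made for illustration.

```php
<?php
// Added illustration, not Mahara code. All function and field names are hypothetical.
const GENERIC_MSG = 'If the details match an account, an email will be sent shortly. Please follow the instructions in it.';

/**
 * $accounts: constructed user store, lowercase username or email => email address.
 * $captcha:  verifier callback, or null when the admin has not configured a captcha.
 * $outbox:   stand-in for a mail queue; queued mail keeps sending out of the request path.
 */
function forgot_password(array $form, array $accounts, ?callable $captcha, array &$outbox): string
{
    // Captcha is checked before any account lookup, so automated requests stop here.
    if ($captcha !== null && !$captcha((string)($form['captcha'] ?? ''))) {
        return 'Captcha verification failed. Please try again.';
    }
    $key = strtolower(trim((string)($form['emailusername'] ?? '')));
    // Generate the token unconditionally so both outcomes do the same work up to this point.
    $token = bin2hex(random_bytes(32));
    if ($key !== '' && isset($accounts[$key])) {
        // Only the hash would be stored server-side; the raw token travels in the email.
        $outbox[] = [
            'to'         => $accounts[$key],
            'token'      => $token,
            'token_hash' => hash('sha256', $token),
            'expires'    => time() + 3600,
        ];
    }
    // Same message for a match and for no match, so the form cannot confirm that an account exists.
    return GENERIC_MSG;
}

// Constructed sample data.
$accounts = ['alice' => 'alice@example.org', 'alice@example.org' => 'alice@example.org'];
$captcha  = fn(string $answer): bool => hash_equals('7', $answer); // stand-in verifier
$outbox   = [];

$known   = forgot_password(['emailusername' => 'Alice',  'captcha' => '7'], $accounts, $captcha, $outbox);
$unknown = forgot_password(['emailusername' => 'nobody', 'captcha' => '7'], $accounts, $captcha, $outbox);
$bot     = forgot_password(['emailusername' => 'alice',  'captcha' => ''],  $accounts, $captcha, $outbox);

var_dump($known === $unknown);   // compares the responses for an existing and an unknown account
var_dump(count($outbox));        // number of reset mails queued across the three requests
var_dump($bot === GENERIC_MSG);  // whether the failed-captcha request reached the lookup stage
```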