The page forgotpass.php should come with catcha feature to prevent abusing it

Bug #1728473 reported by Son Nguyen
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Unassigned
16.10
Fix Released
High
Unassigned
17.04
Fix Released
High
Unassigned
17.10
Fix Released
High
Unassigned
18.04
Fix Released
High
Unassigned

Bug Description

Version: master

Hi Maharians,

In the page "Forgotten your username or password?", I would have a catcha form or similar feature to prevent the abuse.
Also the error message should be generic such as "Sorry, invalid data." or "An email has been (will shortly be) sent to ... Please follow the instruction in it".

Revision history for this message
Robert Lyon (robertl-9) wrote :

Hi Son,

They are good points you make - will fix up asap

Cheers

Robert

Changed in mahara:
milestone: none → 18.04.0
importance: Undecided → High
status: New → In Progress
Changed in mahara:
importance: High → Wishlist
Revision history for this message
Robert Lyon (robertl-9) wrote :
Revision history for this message
Robert Lyon (robertl-9) wrote :

The patch here deals with some of the problems mentioned in https://bugs.launchpad.net/mahara/+bug/1203924 namely adding a captcha to the form (if captcha info is set up in admin) and returning a generic message whether user was successful or not

Robert Lyon (robertl-9)
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers