Closed (fixed)
Project:
Mollom
Version:
5.x-1.4
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
16 Sep 2008 at 07:00 UTC
Updated:
10 Nov 2008 at 20:33 UTC
In the drupal 5 module for mollom, the captcha-only check can be by-passed by leaving out the session-id from the posted form. This patch fixes this.
| Comment | File | Size | Author |
|---|---|---|---|
| capcha_exploit.patch | 498 bytes | Benjamin Schrauwen |
Comments
Comment #1
dries commentedCommitted to DRUPAL-5. Thanks! :)
Comment #2
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.
Comment #3
dergachev commentedGuys, it seems to me this vulnerability still exists in the 6.x version.
Comment #4
dries commentedCan you provide steps to reproduce?
Comment #5
vasi commentedNope, on review we find it does not occur. 'Scuse us!