When I enable the captcha module (cvs, 26/07/2006 - 20:46, 11.61 KB) and enable the captcha field for the login form, the user can login without entering the math problem.

  1. Enable the captcha module for the login form.
  2. Go to example.com/?q=user
  3. Enter a correct username and password and submit the form.
  4. An error will be reported by the captcha module.
  5. Enter a correct username and password again and submit the form.
  6. The user is now logged in without having to enter the captcha math problem.

Am I the only person that is seeing this?

Comments

bandrew@drupal.org’s picture

bandrew@drupal.org commented

I get it too with the same configuration as you. (I submit my user name and password but leave the captcha blank, then it complains that I didn't do the captcha properly, then I just ignore hte new form and go to the home page or some other page and presto! I am logged in.)

ideviate’s picture

ideviate commented

do you use logintoboggan, causing to loginblocks on front page?

Boinng’s picture

Boinng commented

Exactly the same problem here - the second attempt on the front page works, despite the maths answer still being wrong. Not using logintoboggan or any other login add-ons, just the block on the front page.

PoisedGuru’s picture

PoisedGuru commented

We also have this exact problem. I can put in the right number the first time, it will tell me it's wrong but I can click on a link and enter into the site as I'm already logged in.

Could it have something to do with page caching? That was my thinking on it.

guanyu’s picture

guanyu commented

I got the same problem. For the second time, you don't even have to enter the password and answer for the math problem again. It just logs in when u type submit with username only. DANGEROUS.

wundo’s picture

wundo commented
Status: Active » Closed (fixed)