1. Ignore the CAPTCHA and submit.
2. Go back, enter "undefined" in the CAPTCHA field and submit again.
3. Profit

Files: 
CommentFileSizeAuthor
#1 995260-undefined-hack-01.patch1.6 KBsoxofaan
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch 995260-undefined-hack-01.patch.
[ View ]

Comments

StatusFileSize
new1.6 KB
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch 995260-undefined-hack-01.patch.
[ View ]

Good catch! How did you find this?

attached patch should fix it

Version:6.x-2.3» 6.x-2.x-dev

changing version to trigger test bot (hopefully)

Status:Active» Needs review

status too

I was wondering how many of the failed attempts were likely caused by human error as opposed to blocked spammers, and I noticed this in the dblog

comment_form post blocked by CAPTCHA module: challenge "Image" (by module "image_captcha"), user answered "", but the solution was "undefined".

The patch is fixing the bug, but now I get in the dblog
comment_form post blocked by CAPTCHA module: challenge "Image" (by module "image_captcha"), user answered "undefined", but the solution was "50af097255a6807dde16121aa7c05c36".

I think it would be better to have explanation that session reuse was detected in the log entry.

Hi miopa,

I think it's best to commit the patch from #1 already.
You have a point about having more information about session reuse attacks in the log, but I think this fits nicely in this feature request of you: #998326: Separate log of wrong and empty responses

Version:6.x-2.x-dev» 7.x-1.x-dev
Status:Needs review» Patch (to be ported)
Issue tags:+low-hanging fruit

committed (D6): http://drupal.org/cvs?commit=466592

to be ported to D7 version

Status:Patch (to be ported)» Fixed

ported and committed to D7:
http://drupal.org/cvs?commit=470928

Status:Fixed» Closed (fixed)
Issue tags:-low-hanging fruit

Automatically closed -- issue fixed for 2 weeks with no activity.