What Would Drupal Do? | keeping track of drupal, a node at a time

Submitted by drawk on Tue, 2007-01-30 22:56.

As it turns out, there was an exploit with the captcha module by which it could be easily defeated by spammers.

See security notice Captcha - response validation bypass.

I ended up in a discussion with Heine about a bypass that is fairly trivial to use. Captcha has been updated to prevent the exploit.

New versions:

Captcha 4.7.x-1.2
Captcha 5.x-1.1

Reply

Hosted By Dreamhost.com

judah hertz

New Modules

Node Tracker

(#11811)template.php: Overriding other theme functions

(#16383)Making additional variables available to your templates

(#5120)Parse xml into sql insert statements

(#32597)Need to create nodes from my module (programatically)

(#17570)Branches | drupal.org

(#42562)Tutorial 3: Creating new widgets with AJAX

(#83349)How to include pages in each other?

(#91709)Added nodeapi('access') to node.module

(#84961)Add a "select all" toggle to forms with many checkboxes (eg: content management -> posts)

(#32077)How to generate <body> class/id attributes for each page

Did you know?

You don't need to register at WWDD to post comments.

Isn't it annoying when you want to comment on an article, but don't want to go through the hassle of creating yet-another-user account at yet-another-website?

Feel free to comment anonymously, or log in with your username@drupal.org account.

We won't mind a bit.