User lockout - missing "picture below"
-
Hi,
one of my DJs locked himself out by means of typing incorrect password several times (confirmed also by me creating test account and locking it out). We are being presented with message "Type the characters you see in the picture below.". I guess this should be some kind of CAPTCHA, but there is no "picture below", much less characters in it.
I found discussion from 2012 which addresses similar problem:
https://forum.sourcefabric.org/discussion/14643/missing-captcha-fields-/p1
I implemented the workaround (resetting the password and login_attempts directly through postgres), so I am not in urgent need of solving this. However, this looks like serious issue - imagine a malicious attacker constantly locking out DJs who then need to communicate with admins to remove the locks.
Post edited by pacija at 2015-02-26 05:44:18
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- All Discussions8,397
- Sourcefabric
- ↳ Announcements25
- Newscoop
- ↳ Newscoop Support2,189
- ↳ Newscoop Development722
- ↳ Newscoop Security13
- ↳ Newscoop Documentation17
- ↳ Newscoop Themes69
- Airtime
- ↳ Airtime Support3,139
- ↳ Airtime Development1,286
- ↳ Airtime Français146
- ↳ Airtime Documentation14
- ↳ Airtime Hacks102
- ↳ Promote your station!37
- ↳ Airtime Security11
- Booktype
- ↳ Booktype Support277
- ↳ Booktype Development55
- ↳ Booktype Documentation7
- Superdesk
- ↳ Superdesk Development264
- ↳ Web Publisher21
Poll
No poll attached to this discussion.Top Posters
-
Albert FR
1978
-
Martin Konecny
1860
-
Andrey Podshivalov
1526
-
Voisses Tech
1423
-
John Chewter
899
-
Daniel James
844
-
Roger Wilco
784
-
hoerich
627
-
Paul Baranowski
389
-
Cliff Wang
339