PHPBB3-9829

Recaptcha plugin result interpretation fault

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.0.6, 3.0.7, 3.0.7-PL1
    • Fix Version/s: 3.0.8-RC1
    • Labels:
      None

      Description

      crrodriguez:
      Hi:

      There is a massive bug in the included recaptcha plugin.

      The problem is in /includes/captcha/plugins/phpbb_recaptcha_plugin.php, function recaptcha_check_answer.

      It says:

      if (trim($answers[0]) === 'true')
      {
          $this->solved = true;
          return false;
      }
      else
      {
          if ($answers[1] === 'incorrect-captcha-sol')
          {
              return $user->lang['RECAPTCHA_INCORRECT'];
          }
      }


      The important part is when the code checks $answers[1]; that's awfully broken: it must NOT check the returned error string but the returned error code.

      This makes the captcha easily bypassable by a text browser/bot, as they do not support JavaScript, and when the captcha is not resolved the challenge response defaults to "manual_challenge". There is no point in checking the error string; you only want $answers[0] to be true. Every other return value, regardless of its contents, must return incorrect captcha.


      fix:

      if (trim($answers[0]) === 'true')
      {
          $this->solved = true;
          return false;
      }
      else
      {
          return $user->lang['RECAPTCHA_INCORRECT'];
      }
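An added example (not phpBB's or the reporter's code) that runs both interpretations over constructed reCAPTCHA v1 verify responses; it assumes the v1 response format of a status line followed by an error-code line, and uses the phpBB convention of returning false for a solved captcha and an error string otherwise.

```php
<?php
// Added example, not phpBB's own code. Contrasts the reported check with the
// proposed fix over constructed verify responses. In phpBB a captcha
// validate() returns false when solved and an error string when not.

// Flawed interpretation (mirrors the reported code): only the error code
// 'incorrect-captcha-sol' is turned into an error. Any other non-'true'
// response falls out of the else branch and returns null, which is falsy
// just like the "solved" return value, so the caller sees no error.
function check_answer_flawed(string $body)
{
    $answers = explode("\n", $body);
    if (trim($answers[0]) === 'true') {
        return false;                      // solved
    }
    if (isset($answers[1]) && trim($answers[1]) === 'incorrect-captcha-sol') {
        return 'RECAPTCHA_INCORRECT';
    }
    return null;                           // BUG: falsy, treated as solved
}

// Fixed interpretation (mirrors the proposed fix): anything other than an
// exact 'true' on the first line is a failed captcha, whatever follows.
function check_answer_fixed(string $body)
{
    $answers = explode("\n", $body);
    if (trim($answers[0]) === 'true') {
        return false;                      // solved
    }
    return 'RECAPTCHA_INCORRECT';
}

// Constructed sample responses. The third one stands in for a failure whose
// error code is not 'incorrect-captcha-sol', the case the report describes.
$samples = [
    "true\nsuccess",
    "false\nincorrect-captcha-sol",
    "false\nsome-other-error-code",
    "false\n",                             // status line only
    "",                                    // empty response (timeout, outage)
];

foreach ($samples as $body) {
    printf("%-34s flawed=%-22s fixed=%s\n",
        json_encode($body),
        var_export(check_answer_flawed($body), true),
        var_export(check_answer_fixed($body), true));
}
```

Only the first sample should be accepted; the flawed function also yields a falsy result for the last three, which is exactly the bypass the report describes.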

            People

            • Assignee:
              bantu Andreas Fischer
              Reporter:
              Kellanved Kellanved [X] (Inactive)