Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerable to automated attacks when error message not set #25

Closed
Gappa opened this issue Mar 15, 2019 · 1 comment
Closed

Vulnerable to automated attacks when error message not set #25

Gappa opened this issue Mar 15, 2019 · 1 comment

Comments

@Gappa
Copy link
Contributor

Gappa commented Mar 15, 2019

Error message is not required (although mentioned in the examples), but when it is not set, the whole recaptcha can be bypassed by using curl for example.

These are the lines mentioned:

Should the functionality be dependant on setting the message?
Maybe set a default message or validate it regardless?
@mabar mabar mentioned this issue Mar 15, 2019
Merged
@mabar mabar closed this as completed in #26 Mar 18, 2019
@Gappa
Copy link
Contributor Author

Gappa commented Mar 18, 2019

👍 Thanks! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Gappa