User button in top menu bypasses captcha

Fruition's picture
Fruition
Fri, 07/15/2016 - 15:15
#1
User button in top menu bypasses captcha

When configuring captchas for site security i noticed that if a person uses the user button in the top menu (displayed in image) it allows them to bypass the captcha process which creates huge problems for site security and is an open door for bots. 

ScreenShot

The captcha module works fine in the /user extension (as demonstrated in the image below) So i know it is not a module issue.

Image title

Could you please provide a fix for this, or at least tell me the location of the code for the box that pops us when using the user button in the menu so i can try and find a way to change the code to make the captcha work. This is a huge security flaw in this theme and should be fixed in your release version that you sell on themeforest as well. This is too nice of a theme to have such a gaping hole in security.

Thanks !!

phuonght's picture
phuonght
Fri, 07/15/2016 - 22:25

Hi,

Please send us your site admin account and FTP account by private comment? We would like to have a check then fix problem for you. 

Fruition's picture
Fruition
Mon, 07/18/2016 - 10:12

All you have to do to recreate the issue is install the captcha module into the Horsen theme. You dont need my FTP details for that. I cannot share my FTP details. Even in private.

phuonght's picture
phuonght
Mon, 07/18/2016 - 23:38

So can you please tell us which captcha module you are using in site?

Fruition's picture
Fruition
Tue, 07/19/2016 - 08:27

https://www.drupal.org/project/captcha is the module. But none of the available captcha modules for drupal fix the security issue as none of them will display on the user menu.

Fruition's picture
Fruition
Thu, 07/21/2016 - 11:24

Still waiting on a fix for this issue.

cindy's picture
cindy
Thu, 07/21/2016 - 23:10

Hi,

Please check your email. Download the attached file and update in sites/all/modules/custom

Fruition's picture
Fruition
Fri, 07/22/2016 - 17:04

Thank you Cindy, It works the first time, but if you check you will see, that if the user clicks the register button, then closes the pop up and opens it again without refreshing the entire page, the captcha disappears which still allows them to bypass it.  Also the captcha does not display if they open the pop up from any other page besides the home page, and it disapepars if you switch back and fourth from the register to the login page.

cindy's picture
cindy
Sat, 07/23/2016 - 04:33

Hi,

As you can see our demo works fine

So, we need your site account and FTP account to check and fix your problem

Without the credentials, we could not support you

Fruition's picture
Fruition
Sat, 07/23/2016 - 16:52

Thanks Cindy, i got it fixed. It was a browser issue with chrome and ajax.

Fruition's picture
Fruition
Mon, 09/12/2016 - 13:59

Cindy, although the capthca displays, there seems to be a problem with the way the JS is scripted as it will not allow the completion of the captcha nor mark it as completed when filled correctly. Can you please look into this and provide a solution. It can be verified by trying to register a new account on your demo as well.

Thanks

Fruition's picture
Fruition
Tue, 09/13/2016 - 17:13

Still waiting for something on this issue.

Fruition's picture
Fruition
Thu, 09/15/2016 - 08:17

Day 4 now and still waiting on some sort of reply. Do i need to create a new thread to get a response or what?

cindy's picture
cindy
Fri, 09/16/2016 - 00:51

We have just tried again but see no error as you reported

You please send us some screenshots of the problem

phuonght's picture
phuonght
Fri, 09/16/2016 - 04:26

Hi,

You can please take a look at following video: https://www.youtube.com/watch?v=woYx4rrUenE

Captcha still works well on our demo and has no problem as you mentioned. 

Log in or register to post comments
Have More Idea?

We are here to build your website!

No Universal solution fits all special business requirements. Our experienced team is ready with ideas and state-of-the-art technical solutions to consult the best solution within your budget.