Does no one realise that the admin login captcha will do nothing at all to stop a brute force attack? The captcha answer is sent in cleartext in the html!
src="../Captcha.ashx?w=300&h=80&id=065375&sid=1&t=054202"
Can this be fixed please? I suggest you remove "CAPTCHA image on administrator login page to prevent brute force attacks" on the feature page until it is fixed.
Captcha useless
Re: Captcha useless
That is because you haven't set your encryption key. Once you set the encryption key you will not see the captcha value in clear text.
-
- Ensign (ENS)
- Posts: 3
- Joined: Sat Aug 15, 2009 9:59 am
Re: Captcha useless
OKi doki.