Page MenuHomePhabricator

OTRS password request abuse (implement CAPTCHA?)
Open, Stalled, LowestPublic

Description

Someone mass send password request to my email address via "Lost your password?" of OTRS login. Now have receive > 100 email.

plese add captcha for OTRS!


Version: unspecified
Severity: major
URL: https://ticket.wikimedia.org/otrs/index.pl
See Also:
http://bugs.otrs.org/show_bug.cgi?id=4631
https://otrsteam.ideascale.com/a/dtd/Disallow-spamming-agents-by-Lost-password-feature/455056-10369

Details

Reference
bz21579

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 21 2014, 10:48 PM
bzimport added projects: OTRS, Upstream.
bzimport set Reference to bz21579.
bzimport added a subscriber: Unknown Object (MLST).
Shizhao created this task.Nov 20 2009, 4:23 PM

str4nd wrote:

*** Bug 21580 has been marked as a duplicate of this bug. ***

Wasn't it reported upstream?

hiroe_14 wrote:

OTRS's

Bug has still not been fixed in OTRS.

[Removing RESOLVED LATER as discussed in
http://lists.wikimedia.org/pipermail/wikitech-l/2012-November/064240.html .
Reopening and setting priority to "Lowest".
For future reference, please use either RESOLVED WONTFIX (for issues that will
not be fixed), or simply set lowest priority. Thanks a lot!]

I don't think Tim is actively working on this (instead we are waiting for upstream developers to fix it), hence I'm resetting the assignee.

Still valid and unresolved in upstream (see "See Also:" field for URL).

hozanji wrote:

content hidden as private in Bugzilla

Reedy added a comment.Apr 13 2013, 3:30 PM

content hidden as private in Bugzilla

Rjd0060 set Security to None.Nov 25 2014, 11:04 AM
Rjd0060 added subscribers: pajz, Rjd0060.
Steinsplitter moved this task from Incoming to Backlog on the OTRS board.Mar 12 2015, 12:38 PM
Josve05a changed the task status from Open to Stalled.Sep 20 2017, 10:18 PM
Josve05a moved this task from Backlog to Reported Upstream on the Upstream board.
Josve05a added a subscriber: Josve05a.

Marking as stalled, pending possible future upstream implementation.

This comment was removed by Scoopfinder.
Restricted Application added a subscriber: alanajjar. · View Herald TranscriptFeb 22 2018, 9:50 AM
Meno25 removed a subscriber: Meno25.Nov 23 2018, 8:07 AM
Scoopfinder updated the task description. (Show Details)Sep 4 2019, 7:37 AM