Add a captcha to the password reset form

A vulnerability has been brought to the attention of one of our security personnel by a ethical hacker.
This security officer suggests to add a captcha to OJS password reset form in order to prevent lack of rate limiting which possibly leads to spamming.

Hi @pverberne,

Could you send me a private message with further details – for example, is this a DOS attack or something else?

Regards,
Alec Smecher
Public Knowledge Project Team

Hi all,

I’ve filed this for addition to a future release:

Regards,
Alec Smecher
Public Knowledge Project Team

This topic was automatically closed after 40 hours. New replies are no longer allowed.