Issue: When not authenticated to the application, a CAPTCHA is used when reporting abuse. However, once authenticated, the CAPTCHA is no longer required and is not displayed on the 'Report Abuse' page.

Remediation: CAPTCHA should be required for authenticated users to prevent automated attacks.
Whiteboard: [infrasec:bestpractice][ws:low][wh-6095479] → [infrasec:bestpractice][ws:low][wh-6095479][wh-7453206]
Alternative remediation could also include something like limiting the rate of requests for a given user.
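
One way to implement the per-user limit suggested in the comment above, as an added example that is not code from addons.mozilla.org or from anyone on this bug. The class name, the limit, the window and the "challenge" outcome (fall back to the CAPTCHA anonymous users already see) are assumptions.

```python
import time
from collections import defaultdict, deque


class AbuseReportThrottle:
    """Sliding-window limit on abuse reports per authenticated user.

    Hypothetical helper: name, limit and window are assumptions. State is
    kept in-process for illustration; several web workers would need a
    shared store to enforce one limit.
    """

    def __init__(self, limit=5, window_seconds=3600, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._hits = defaultdict(deque)  # user_id -> times of accepted reports

    def check(self, user_id):
        """Return 'accept' and record the report, or 'challenge' when the
        user has used up the window and should get the CAPTCHA (or a refusal)."""
        now = self.clock()
        hits = self._hits[user_id]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return "challenge"
        hits.append(now)
        return "accept"


def demo():
    """Constructed input: one user submitting at t = 0, 1, 2, 3 and 61 s."""
    t = [0.0]
    throttle = AbuseReportThrottle(limit=3, window_seconds=60, clock=lambda: t[0])
    results = []
    for second in (0, 1, 2, 3, 61):
        t[0] = float(second)
        results.append(throttle.check("user-42"))
    return results


if __name__ == "__main__":
    print(demo())
```

Only accepted reports are counted, so a challenged request does not extend the user's lockout.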
Summary: CAPTCHA missing on AMO abuse form for authenticated users (Insufficient Anti-automation) → Insufficient Anti-automation on AMO abuse form for authenticated users
This hasn't been a problem in the past and it's something we'll deal with if it comes up. Submissions here do nothing but add to a queue so there may be opportunity for a weak DoS but automated abuse isn't going to have lasting repercussions. -> wontfix
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard