Closed
Bug 700609
(wh-6095479)
Opened 13 years ago
Closed 13 years ago
Insufficient Anti-automation on AMO abuse form for authenticated users
Categories
(addons.mozilla.org Graveyard :: Developer Pages, defect)
Tracking
(Not tracked)
VERIFIED
WONTFIX
People
(Reporter: mgoodwin, Unassigned)
Details
(Whiteboard: [infrasec:bestpractice][ws:low][wh-6095479][wh-7453206])
Issue: When not authenticated to the application, a CAPTCHA is used when reporting abuse. However, once authenticated, the CAPTCHA is no longer required and is not displayed on the 'Report Abuse' page.
Remediation: CAPTCHA should be required for authenticated users to prevent automated attacks.
Reporter
Updated • 13 years ago
Alias: wh-6095479
Group: client-services-security
Reporter
Updated • 13 years ago
Whiteboard: [infrasec:bestpractice][ws:low][wh-6095479] → [infrasec:bestpractice][ws:low][wh-6095479][wh-7453206]
Reporter
Comment 1 • 13 years ago
Alternative remediation could also include something like limiting the rate of requests for a given user.
Summary: CAPTCHA missing on AMO abuse form for authenticated users (Insufficient Anti-automation) → Insufficient Anti-automation on AMO abuse form for authenticated users
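The per-user rate limit suggested in Comment 1, combined with the existing CAPTCHA for anonymous users, as an added example (not part of the bug report and not AMO's code). The class name, the limits and the in-memory store are assumptions for illustration.

```python
import time
from collections import defaultdict, deque


class AbuseReportGate:
    """Anti-automation gate for an abuse-report form (hypothetical names).

    Anonymous submitters must pass a CAPTCHA; authenticated users skip it
    but are held to a per-user sliding-window limit.
    """

    def __init__(self, max_reports=5, window_seconds=3600, clock=time.monotonic):
        self.max_reports = max_reports      # assumed limit, tune per deployment
        self.window = window_seconds
        self.clock = clock                  # injectable so the window is testable
        self._history = defaultdict(deque)  # user_id -> times of accepted reports

    def check(self, user_id=None, captcha_passed=False):
        """Return (allowed, reason) for one submission attempt."""
        if user_id is None:
            # Unauthenticated path: the CAPTCHA is the only control.
            return (True, "captcha-ok") if captcha_passed else (False, "captcha-required")
        now = self.clock()
        stamps = self._history[user_id]
        # Drop accepted reports that have aged out of the window.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) >= self.max_reports:
            retry_after = self.window - (now - stamps[0])
            return False, f"rate-limited; retry in {retry_after:.0f}s"
        stamps.append(now)  # only accepted reports count against the budget
        return True, "ok"


def simulate():
    """Constructed scenario: one scripted account, one normal user, one anonymous hit."""
    t = [0.0]
    gate = AbuseReportGate(max_reports=3, window_seconds=60, clock=lambda: t[0])
    results = []
    for _ in range(5):                               # burst of 5 reports, 1 s apart
        results.append(gate.check(user_id="user-a")[0])
        t[0] += 1
    results.append(gate.check(user_id="user-b")[0])  # other users are unaffected
    t[0] = 61                                        # two of user-a's reports aged out
    results.append(gate.check(user_id="user-a")[0])
    results.append(gate.check(user_id=None)[0])      # anonymous without CAPTCHA
    return results


if __name__ == "__main__":
    print(simulate())
```

The history here lives in one process; a deployment with several web workers would need a shared store for the counters so the limit cannot be sidestepped by spreading requests across workers.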
Comment 2 • 13 years ago
This hasn't been a problem in the past and it's something we'll deal with if it comes up. Submissions here do nothing but add to a queue so there may be opportunity for a weak DoS but automated abuse isn't going to have lasting repercussions. -> wontfix
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Updated • 12 years ago
Group: client-services-security
Assignee
Updated • 8 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard