Page MenuHomePhabricator
Create Task
Maniphest T23579

OTRS password request abuse (implement CAPTCHA?)
Open, Stalled, LowestPublic
Actions

Description

Someone mass send password request to my email address via "Lost your password?" of OTRS login. Now have receive > 100 email.

plese add captcha for OTRS!

Version: unspecified
Severity: major
URL: https://ticket.wikimedia.org/otrs/index.pl
See Also:
http://bugs.otrs.org/show_bug.cgi?id=4631
https://otrsteam.ideascale.com/a/dtd/Disallow-spamming-agents-by-Lost-password-feature/455056-10369

Details

Reference
bz21579

Related Objects

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 21 2014, 10:48 PM
bzimport added projects: Znuny, Upstream.
bzimport set Reference to bz21579.
bzimport added a subscriber: Unknown Object (MLST).
Shizhao created this task.Nov 20 2009, 4:23 PM
bzimport added a comment.Nov 20 2009, 4:27 PM

str4nd wrote:

*** Bug 21580 has been marked as a duplicate of this bug. ***

liangent added a comment.Nov 20 2009, 4:33 PM

OTRS's bugzilla: http://bugs.otrs.org/

Platonides added a comment.Nov 22 2009, 9:54 PM

Wasn't it reported upstream?

bzimport added a comment.Dec 7 2009, 8:54 PM

hiroe_14 wrote:

OTRS's

Platonides added a comment.Dec 7 2009, 10:43 PM

Reported upstream as otrs bug #4631
http://bugs.otrs.org/show_bug.cgi?id=4631

drdee added a comment.Nov 29 2011, 11:06 PM

Bug has still not been fixed in OTRS.

Aklapper added a comment.Dec 12 2012, 3:14 PM

[Removing RESOLVED LATER as discussed in
http://lists.wikimedia.org/pipermail/wikitech-l/2012-November/064240.html .
Reopening and setting priority to "Lowest".
For future reference, please use either RESOLVED WONTFIX (for issues that will
not be fixed), or simply set lowest priority. Thanks a lot!]

Aklapper added a comment.Feb 21 2013, 4:17 PM

I don't think Tim is actively working on this (instead we are waiting for upstream developers to fix it), hence I'm resetting the assignee.

Still valid and unresolved in upstream (see "See Also:" field for URL).

bzimport added a comment.Apr 13 2013, 3:05 PM

hozanji wrote:

content hidden as private in Bugzilla

Reedy added a comment.Apr 13 2013, 3:30 PM

content hidden as private in Bugzilla

Aklapper added a comment.Oct 12 2013, 12:32 AM

Upstreamed as Idea#1335 on https://otrsteam.ideascale.com/a/dtd/Disallow-spamming-agents-by-Lost-password-feature/455056-10369

Rjd0060 set Security to None.Nov 25 2014, 11:04 AM
Rjd0060 added subscribers: pajz, Rjd0060.
Steinsplitter moved this task from Incoming to Backlog on the Znuny board.Mar 12 2015, 12:38 PM
Josve05a changed the task status from Open to Stalled.Sep 20 2017, 10:18 PM
Josve05a moved this task from Backlog to Reported Upstream on the Upstream board.
Josve05a subscribed.

Marking as stalled, pending possible future upstream implementation.

Framawiki subscribed.Oct 11 2017, 6:41 PM
OldUser02 subscribed.Feb 22 2018, 9:50 AM
This comment was removed by OldUser02.
Restricted Application added a subscriber: alaa. · View Herald TranscriptFeb 22 2018, 9:50 AM
Meno25 unsubscribed.Nov 23 2018, 8:07 AM
OldUser02 updated the task description. (Show Details)Sep 4 2019, 7:37 AM
OldUser01 subscribed.Feb 1 2020, 1:07 PM
NoFWDaddress mentioned this in T187984: Update OTRS to the latest stable version (6.0.x).Sep 18 2020, 3:36 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL