Re: login captcha issue
Have you tried calling `captchaImageResource.invalidate();` in your onSubmit() method?

On Sun, Aug 1, 2021 at 4:24 PM vahid ghasemi wrote:

> I used this method but after that my captcha image is not rendered and can't
> see that.
>
> On Sun, Aug 1, 2021 at 11:11 AM Maxim Solodovnik wrote:
>
> > You can set up NoVersionMapper
> > https://stackoverflow.com/questions/8602489/delete-version-number-in-url
> >
> > from mobile (sorry for typos ;)
> >
> > On Sat, Jul 31, 2021, 22:39 vahid ghasemi wrote:
> >
> > > Hello
> > > I have a login form with a captcha.
> > > I tested my form with Burp suite (penetration test tool).
> > > In Burp I can send header requests a lot of times for brute force (just
> > > change password).
> > > This problem is because of the number at end of my
> > > URL (localhost:8080/login?1).
> > > So with this way attackers can bypass captcha.
> > > How can I fix this problem?
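
The suggestion above, invalidating the captcha on submit, amounts to making every challenge single-use. The following is an added example, not code from this thread or from Wicket: `SingleUseCaptcha` and its methods are hypothetical names that model the server-side check in plain Java.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Hypothetical session-scoped challenge holder (assumption: one instance per
// user session). It is not a Wicket class.
public class SingleUseCaptcha {
    private static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
    private final SecureRandom random = new SecureRandom();
    private String expected; // null means there is no live challenge

    // Called whenever the captcha image is rendered: stores a fresh answer.
    public synchronized String newChallenge() {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) {
            sb.append(ALPHABET.charAt(random.nextInt(ALPHABET.length())));
        }
        expected = sb.toString();
        return expected;
    }

    // Called on every form submit. The stored answer is consumed before the
    // comparison, so a correct and a wrong guess both end the challenge and
    // the same captcha value cannot be reused with a different password.
    public synchronized boolean verifyAndInvalidate(String submitted) {
        String answer = expected;
        expected = null;
        if (answer == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(
                answer.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        SingleUseCaptcha captcha = new SingleUseCaptcha();
        String shown = captcha.newChallenge(); // constructed sample: text read off the image

        System.out.println("first submit:  " + captcha.verifyAndInvalidate(shown));
        // Same captcha value sent again, as a replayed request would do.
        System.out.println("replayed:      " + captcha.verifyAndInvalidate(shown));

        // A wrong guess also consumes the new challenge.
        String next = captcha.newChallenge();
        System.out.println("wrong guess:   " + captcha.verifyAndInvalidate("XXXXXX"));
        System.out.println("late correct:  " + captcha.verifyAndInvalidate(next));
    }
}
```
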
Re: login captcha issue
I used this method but after that my captcha image is not rendered and can't see that.

On Sun, Aug 1, 2021 at 11:11 AM Maxim Solodovnik wrote:

> You can set up NoVersionMapper
> https://stackoverflow.com/questions/8602489/delete-version-number-in-url
>
> from mobile (sorry for typos ;)
>
> On Sat, Jul 31, 2021, 22:39 vahid ghasemi wrote:
>
> > Hello
> > I have a login form with a captcha.
> > I tested my form with Burp suite (penetration test tool).
> > In Burp I can send header requests a lot of times for brute force (just
> > change password).
> > This problem is because of the number at end of my
> > URL (localhost:8080/login?1).
> > So with this way attackers can bypass captcha.
> > How can I fix this problem?
Re: login captcha issue
You can set up NoVersionMapper
https://stackoverflow.com/questions/8602489/delete-version-number-in-url

from mobile (sorry for typos ;)

On Sat, Jul 31, 2021, 22:39 vahid ghasemi wrote:

> Hello
> I have a login form with a captcha.
> I tested my form with Burp suite (penetration test tool).
> In Burp I can send header requests a lot of times for brute force (just
> change password).
> This problem is because of the number at end of my
> URL (localhost:8080/login?1).
> So with this way attackers can bypass captcha.
> How can I fix this problem?