CMS login captcha can be bypassed by deleting cookies
Issue date: 07-04-2020Affects versions: 14.0, 13.4, 12.6, 11.2
Issue ID
SECURITY-136
Affected Product Version(s)
14.0.0, 13.4.1, 12.6.8 (and previous patch releases)
Severity
Medium
Description
CMS login captcha can be bypassed by deleting cookies.
Steps to reproduce:
- Try logging into the cms with invalid credentials multiple times, until the captcha appears
- Delete cookies
- Captcha goes away, you can keep trying
Instructions
Every customer is advised to upgrade as soon as possible to the latest maintenance release as indicated above, or higher. This can be done by simply incrementing the version number of the parent POM for the implementation project.
See also the upgrade instructions.