CMS login captcha can be bypassed by deleting cookies 

Issue date: 07-04-2020
Affects versions: 14.0, 13.4, 12.6, 11.2

Issue ID



Affected Product Version(s)

14.0.0, 13.4.1, 12.6.8 (and previous patch releases)





CMS login captcha can be bypassed by deleting cookies.

Steps to reproduce:

  • Try logging into the cms with invalid credentials multiple times, until the captcha appears
  • Delete cookies
  • Captcha goes away, you can keep trying


Every customer is advised to upgrade as soon as possible to the latest maintenance release as indicated above, or higher. This can be done by simply incrementing the version number of the parent POM for the implementation project.

See also the upgrade instructions.