Webmail login CAPTCHA is broken

Townman · ‎22-08-2007

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Alex · ‎05-04-2007

How did you try to get into webmail @Townman

Just tried it, logged in and never got asked for a CAPTCHA. Mind you I never use webmail so maybe there is some criteria where it asks you for it, say if you use it more often than me?

Townman · ‎22-08-2007

There is an email account I have operational issues with. Rather looks like after a number of failed attempts CAPTCHA is invoked as an added security measure against hacking tools.

However (as shown) no CAPTCHA phrase is shown … providing a solid lockout, even with the right password.

It does however appear that if left alone for long enough, the CAPTCHA added security is dropped.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Gandalf · ‎21-04-2017

I can see this is raised to our incident management team under ref: IMT-559

As a workaround, if you wait around an hour you should be able to login to webmail without seeing CAPTCHA.

From 31st October 2022, I no longer have a regular presence here as I’ve moved on to a new role.

Anoush Mortazavi
Plusnet

Alex · ‎05-04-2007

Thanks all I understand now, it is only invoked for security reasons should there be multiple sign in attempts in a short space of time I guess.

graemev · ‎13-06-2018

This still seems to be broke:

Townman · ‎22-08-2007

Give it a couple of hours and try again.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

graemev · ‎13-06-2018

OK, but that's not really an answer.

1: I (somebody) could just try logging on with random passwords . This was deemed to be a security issue, the response seemed to be to introduce CAPTCHA. Once this does not work, the security "solution" has failed [ NB security is NOT about keeping "*bad guys*" out , turning the site off would be good security in that world]

2: The security does not actually seem to be enforced on the server side. I have several web mail boxes. All these put up the CAPTCHA challenge, not just ones I've tried before . The lockout is being done at this end (or by IP address) which won't prevent a dictionary attack

So the effect is only to cause inconvenience to legitimate users , while no restriction attackers [ This is an all-too-common scenario]

FYI. I was in this situation because Firefox complained I needed critical updates . So I updated. Guess what they hadn’t tested it either so it lost ALL my saved passwords. So I needed to contact various people but guess what this locked me out of my email. So I goto the forum and hey ho I hit this.

BTW. I note the "hours wait" was a work-around in Jun 2018