5-Regular Member
December 15, 2022
Solved

PTC account Creation Security Challenge


[image: BadSecurity.PNG]

When I created my account, I noticed the above.

Please fix.

Either remove the challenge or replace it with an actual challenge.  

Not only is it easy to OCR the underlined numbers, look at what is in the HTML that is sent.

	Please enter the <u>underlined</u> numbers only, in order:
	
	<input type="text" name="ptc_challenge" />
	<input type="hidden" name="ptc_challenge_md5" value="d46b5563235785cb406f053a22ec6288" />
	<input type="hidden" name="ptc_challenge_time" value="1671108352228" />
	<input type="hidden" name="ptc_challenge_mask" value="101100" />
	<input type="hidden" name="ptc_challenge_string" value="173304" />
	<u>1</u>7<u>3</u><u>3</u>04

So, a spammer can just read the mask and apply it to the string, and spam you folks.  They don't even have to do OCR.
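A regression check for the two leaks the post describes (the hidden mask/string fields, and the `<u>` markup around the rendered digits), next to a layout where the answer stays server-side. This is an added example, not code from the post or from PTC; the hardened form, its `ptc_challenge_id` field name and the in-memory store are assumptions.

```python
import re
import secrets

# Constructed sample: the form fragment quoted in the post above.
LEAKY_FORM = """
<input type="text" name="ptc_challenge" />
<input type="hidden" name="ptc_challenge_md5" value="d46b5563235785cb406f053a22ec6288" />
<input type="hidden" name="ptc_challenge_time" value="1671108352228" />
<input type="hidden" name="ptc_challenge_mask" value="101100" />
<input type="hidden" name="ptc_challenge_string" value="173304" />
<u>1</u>7<u>3</u><u>3</u>04
"""

HIDDEN = re.compile(r'<input[^>]*name="([^"]+)"[^>]*value="([^"]*)"')


def hidden_fields(html):
    """Collect name/value pairs of inputs that carry a value attribute."""
    return dict(HIDDEN.findall(html))


def challenge_leaks_answer(html):
    """Return the answer recoverable from the form itself, or None when the
    form carries nothing that lets a client derive it (the check is server-side)."""
    f = hidden_fields(html)
    mask, digits = f.get("ptc_challenge_mask"), f.get("ptc_challenge_string")
    if mask is not None and digits is not None and len(mask) == len(digits):
        return "".join(d for d, m in zip(digits, mask) if m == "1")
    underlined = re.findall(r"<u>(\d)</u>", html)  # markup leak, no OCR needed
    return "".join(underlined) or None


# Hardened layout (assumption, not PTC's design): digits and mask never leave
# the server; the client receives only an opaque one-shot id. The digits
# themselves would have to be rendered as an image, not as <u> markup.
_SERVER_STORE = {}


def issue_challenge(digits, mask):
    """Store the expected answer server-side and emit a form with only an id."""
    token = secrets.token_hex(16)
    _SERVER_STORE[token] = "".join(d for d, m in zip(digits, mask) if m == "1")
    return ('<input type="text" name="ptc_challenge" />\n'
            f'<input type="hidden" name="ptc_challenge_id" value="{token}" />')


def verify_challenge(token, answer):
    """One-shot check: the id is consumed whether or not the answer matches."""
    expected = _SERVER_STORE.pop(token, None)
    return expected is not None and secrets.compare_digest(expected, answer)
```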

Best answer by PeterCase
2 replies

24-Ruby III
December 15, 2022

@PeterCase Please take a look.

PeterCase (17-Peridot), Answer
December 28, 2022

Hi @DC_10517352 (and @VladimirN, thank you for bringing me in to the thread),

This is timely, as our team is currently revamping the new user registration experience to simplify the whole process, collecting only the minimal data needed, and removing the burden of asking new users which type of account they require.

As we have other protection on this and other pages, we'll review whether it's appropriate to remove the now dated "Underline" challenge, or replace it with a more modern (reCAPTCHA or similar) service.

Look out for the new experience at some point during Spring 2023.

Peter.