AlphaBay Login WITHOUT entering Captcha

Anyone else?


Comments


[7 Points] deepdot:

Its been discussed several times - the captcha becomes mandatory only after wrong credentials have been submitted once, to make the login process easier (assuming you enter the correct details on the first attempt).


[7 Points] None:

Oh God, you know how much I hate those posts. All right, here's how it works: in the user list table, every user has a "failed passwords" field. When you enter a username and password, if the information is correct and the "failed passwords" value is 0, it just lets you in without entering the captcha.

If you enter the wrong information, the "failed passwords" field is incremented, and since it is no longer 0, the captcha will be validated always.

When the correct password / captcha is entered, the value is resetted to 0, and this has nothing to do with cookies, as it is on the database side.

There are 13 threads so far on the subject in the forums.


[2 Points] darknetpotter:

Is /u/alpha02 aware? This is bad security and leaves people open to bruteforce attacks.


[2 Points] None:

It always gives me the captcha when logging in


[1 Points] None:

I don't know why you guys are attacking alphabay's captcha for not showing up on the first time, because when it does show up its completely useless and anyone that has gone to 2 weeks of an intro level programming class could easily automate turning word numbers into digit numbers...