Clickjacking on Humble (Recaptcha)

[Brosh]

Hello there.

Was just about to log in to Humble Bundle (https://www.humblebundle.com/) when I noticed a captcha, I assume it's because I had an old password saved in the browser and it tried to auto-login with that first. When I clicked on the "I'm not a robot" part however, it generates a clearclick warning.

I'm sure it's something innocent as hovering between the two images gives the same sort of result, just a few pixels higher, and the captcha appears in the existing frame so I thought maybe that was causing it. Still I figured it was worth asking if it's ok to allow.

The report ID was 643075.

Thanks!

[Thrawn]

If the 'before' and 'after' images both look like what you intend to click on, then yes, it's safe.

[Brosh]

Aha ok.

Thank you very much.

[Guest]

I get a clickjack warning when clicking the embedded Captcha on paket.de, surely safe but same as described in ticket https://trac.torproject.org/projects/tor/ticket/14985. (Win 10 Pro 64-bit, FF and Noscript each current version).

[barbaz]

Report ID?

[Guest]

Sorry, I don't know. Left the browser open for hours and just logged in again and it was working ... I'll make sure to note the report id if it happens again. Thank you.

[Guest]

Report ID?

After it had been working a few times, today the warning popped up again with Report ID 67554 and "Potential Clickjacking Attack / Attempted UI-Reconsignment ... partly hidden element ...". This is happening on a DHL website that ought to be trustworthy. I'm sorry, all this is pretty much double Dutch to me, which is why I like to rely on NoScript.

Anke

[Guest Ing]

I had the same issue on humble bundle: report ID 691805

I also encountered this on a recaptcha on another website (https://ing.dk/scientariet/sporg): Report ID 691807