Page 1 of 1

Clickjacking on Humble (Recaptcha)

Posted: Thu Nov 10, 2016 11:14 pm
by Brosh
Hello there.

Was just about to log in to Humble Bundle (https://www.humblebundle.com/) when I noticed a captcha, I assume it's because I had an old password saved in the browser and it tried to auto-login with that first. When I clicked on the "I'm not a robot" part however, it generates a clearclick warning.

I'm sure it's something innocent as hovering between the two images gives the same sort of result, just a few pixels higher, and the captcha appears in the existing frame so I thought maybe that was causing it. Still I figured it was worth asking if it's ok to allow.

The report ID was 643075.

Thanks!

Re: Clickjacking on Humble (Recaptcha)

Posted: Fri Nov 11, 2016 12:11 am
by Thrawn
If the 'before' and 'after' images both look like what you intend to click on, then yes, it's safe.

Re: Clickjacking on Humble (Recaptcha)

Posted: Fri Nov 11, 2016 12:25 am
by Brosh
Aha ok.

Thank you very much.

Re: Clickjacking on Humble (Recaptcha)

Posted: Thu Dec 15, 2016 3:26 pm
by Guest
I get a clickjack warning when clicking the embedded Captcha on paket.de, surely safe but same as described in ticket https://trac.torproject.org/projects/tor/ticket/14985. (Win 10 Pro 64-bit, FF and Noscript each current version).

Re: Clickjacking on Humble (Recaptcha)

Posted: Thu Dec 15, 2016 3:59 pm
by barbaz
Report ID?

Re: Clickjacking on Humble (Recaptcha)

Posted: Thu Dec 15, 2016 10:48 pm
by Guest
Sorry, I don't know. Left the browser open for hours and just logged in again and it was working ... I'll make sure to note the report id if it happens again. Thank you.

Re: Clickjacking on Humble (Recaptcha)

Posted: Wed Dec 21, 2016 12:00 am
by Guest
barbaz wrote:Report ID?
After it had been working a few times, today the warning popped up again with Report ID 67554 and "Potential Clickjacking Attack / Attempted UI-Reconsignment ... partly hidden element ...". This is happening on a DHL website that ought to be trustworthy. I'm sorry, all this is pretty much double Dutch to me, which is why I like to rely on NoScript.

Anke

Re: Clickjacking on Humble (Recaptcha)

Posted: Wed Jan 11, 2017 12:05 am
by Guest Ing
I had the same issue on humble bundle: report ID 691805

I also encountered this on a recaptcha on another website (https://ing.dk/scientariet/sporg): Report ID 691807