Closed amenk closed 1 year ago
Security scan source IPs: https://community.magento.com/t5/Can-Magento-do/Security-Scan-Tool-source-ips/m-p/405381/highlight/true#M4379 (because it does not use a proper user agent) They check
52.87.98.44 - - [26/Sep/2022:08:29:08 +0200] "GET /customer/account/create/ HTTP/1.0" 200 9417 "www.example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
But we don't know what the check for.
Info from Magento / Adobe:
The extension will be added as standard reCAPTCHA replacement globally, for all stores.
The security scan no longer triggers, https://github.com/iMi-digital/magento2-friendly-captcha/commit/c160ff671b16533c0183f330be836d21f4e5f8ec
If Adobe's Magento security scanner is used, it would tell us we don't use a captcha, because ReCaptcha is off, despite using FriendlyCaptcha:
How can we work around this false positive?