Posted by Joey Kelly on Mar 28

This conflates two issues, and anyhow, Basic Authentication is not a
problem (Digest won’t be any more secure than Basic, if SSL is used…
is it present?).

CAPTCHA has nothing to do with CSRF. Neither do default credentials.