Require CAPTCHA for guest walk-up experience in customer service application

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The CAPTCHA for the Guest Walk-up experience prevents unauthenticated guest users to create bookings by requiring users to complete a CAPTCHA verification.

    The CAPTCHA for the Guest Walk-up experience prevents unauthenticated guest users to create bookings by requiring users to complete a CAPTCHA verification. If CAPTCHA isn't enabled, this could lead to automated creation of spam appointments to overwhelm the system or fill up all available booking spots creating a Denial of Service attack.

    If Guest Walk-up Experience for Customer Service application is active, ensure that sn_guest_walkup_cs.captcha.enabled is set to true.

    More information

    Attribute Description
    Configuration name sn_guest_walkup_cs.captcha.enabled
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value <none>
    Fallback value true
    Category Authentication
    Security risk
    • Severity score: 3.7
    • CVSS score: Low
    • Security risk details: This exposes the system to spam appointments and resource exhaustion attacks, potentially filling all available booking slots and causing a Denial of Service (DoS). Without CAPTCHA, the platform lacks a critical control to prevent automated abuse and maintain service availability.
    Dependencies and prerequisites None
    Functional impact This property enables or disables the captcha on the CSM Guest Walkup Check-in widgets. By default, it is set to true.