
069 Weak CAPTCHA


Description

The system uses an insecure CAPTCHA implementation that can be solved automatically with optical character recognition (OCR) tools.


Impact

Bypass security mechanisms to perform automated attacks.


Recommendation

Ensure that the CAPTCHA response is validated server side and that the expected answer is never exposed in the HTML page source; also ensure that the CAPTCHA image cannot be read by OCR tools.
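The recommendation above, as an added example that is not part of the original page: a leaky pattern that ships the expected answer inside the HTML form, beside a server-side validation that keeps the answer in the session, binds it to an opaque challenge id, expires it and consumes it on first use. The in-memory SESSIONS dict stands in for a real session backend, and rendering the answer as a distorted image is assumed to happen elsewhere.

```python
import hmac
import secrets

# Constructed in-memory session store; assumption: stands in for a real
# server-side session backend (e.g. a database or cache keyed by session id).
SESSIONS: dict[str, dict] = {}

CHALLENGE_TTL = 300.0  # seconds a challenge stays valid


def weak_form_html(expected: str) -> str:
    """Weak pattern: the expected answer is sent to the client in the page
    source, so a script can read the hidden field and echo it back without
    even needing OCR. Shown only to contrast with the hardened version."""
    return (f'<input type="hidden" name="captcha_expected" value="{expected}">'
            f'<input name="captcha_response">')


def issue_challenge(session_id: str, issued_at: float) -> str:
    """Hardened pattern: generate the answer server side, keep it only in the
    session, and give the client just an opaque challenge id for the form.
    The answer would be drawn as a distorted image by a renderer not shown here."""
    answer = secrets.token_hex(3)  # 6 hex characters the user has to read
    challenge_id = secrets.token_urlsafe(16)
    SESSIONS.setdefault(session_id, {})["captcha"] = {
        "id": challenge_id, "answer": answer, "issued": issued_at,
    }
    return challenge_id


def verify_response(session_id: str, challenge_id: str,
                    response: str, now: float) -> bool:
    """Validate on the server: the challenge is consumed on the first check
    (single use), must not be expired, must belong to this session, and is
    compared in constant time so timing does not leak the answer."""
    state = SESSIONS.get(session_id, {}).pop("captcha", None)
    if state is None:
        return False
    if now - state["issued"] > CHALLENGE_TTL:
        return False
    if not hmac.compare_digest(state["id"], challenge_id):
        return False
    # Case-insensitive match, still via constant-time comparison.
    return hmac.compare_digest(state["answer"].lower(),
                               response.strip().lower())
```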


Threat

Anonymous attacker from the Internet.


Expected Remediation Time

30 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the source.

Base 4.0

  • Attack vector: N
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: N
  • Confidentiality (VC): L
  • Integrity (VI): N
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: X

Requirements


Fixes


Last updated

2024/02/09