Description

The system uses an insecure CAPTCHA implementation that can be passed automatically with optical character recognition (OCR) tools.

Impact

Bypass security mechanisms to perform automated attacks.

Recommendation

Ensure that the CAPTCHA response is handled at the server level and is not exposed in the HTML code of the web pages. Also ensure that the CAPTCHA cannot be read by OCR.
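One way to keep the CAPTCHA answer at the server level, shown as an added example that is not part of the original entry: the page receives only an opaque challenge id, and the comparison happens server-side. The class name, the image route, the lifetime and the single-use behaviour are assumptions of this sketch that go beyond the recommendation, and it does not address OCR resistance of the image itself.

```python
import hmac
import secrets
import time

CAPTCHA_TTL_SECONDS = 120  # assumed lifetime, not taken from the entry


class CaptchaStore:
    """Hypothetical server-side store: the expected answer never leaves it."""

    def __init__(self, ttl=CAPTCHA_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # challenge_id -> (expected_answer, expires_at)

    def issue(self, expected_answer):
        """Register a challenge and return only an opaque random id."""
        challenge_id = secrets.token_urlsafe(32)
        self._pending[challenge_id] = (expected_answer, self._clock() + self._ttl)
        return challenge_id

    def render_form_fields(self, challenge_id):
        """Values placed in the HTML form: the id and an image URL, no answer."""
        return {
            "captcha_id": challenge_id,
            "captcha_image": "/captcha/image/" + challenge_id,  # hypothetical route
        }

    def verify(self, challenge_id, submitted):
        """Check the submitted text server-side; each challenge works once."""
        # pop() consumes the challenge even when the answer is wrong, so a
        # client cannot keep guessing against the same image.
        entry = self._pending.pop(challenge_id, None)
        if entry is None or not isinstance(submitted, str):
            return False
        expected, expires_at = entry
        if self._clock() > expires_at:
            return False
        # Constant-time, case-insensitive comparison of the two answers.
        return hmac.compare_digest(
            submitted.strip().lower().encode(), expected.lower().encode()
        )
```
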

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.