Bugtraq mailing list archives
Re: Vulnerability in CB Captcha for Joomla and Mambo
From: Susan Bradley <sbradcpa () pacbell net>
Date: Thu, 15 Apr 2010 12:11:29 -0700
Dear Bugtraq.I am an admin of a site that has Captcha that spam gets through and the CPU sucks.
Honest question -- are you going to post about every site that has lousy captcha? Would it be faster if us admins that have lousy captcha just outted ourselves first?
MustLive wrote:
Hello Bugtraq! I want to warn you about security vulnerability in plugin CB Captcha (plug_cbcaptcha) for component Community Builder (com_comprofiler) forJoomla and Mambo. The posting of this advisory to mailing lists was delayed, because I found that there are two different vulnerable versions of plugindeveloped by different authors, so I needed to inform all authors. ----------------------------- Advisory: Vulnerability in CB Captcha for Joomla and Mambo ----------------------------- URL: http://websecurity.com.ua/4087/ ----------------------------- Affected products: CB Captcha 1.0.2 and previous versions (developed by Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat). ----------------------------- Timeline: 17.03.2010 - found vulnerability. 31.03.2010 - disclosed at my site.01.04.2010 - informed developer of CB Captcha 1.x. And because I found otherversion of the plugin by another author, and after checking it later I informed author of CB Captcha 2.x. 13.04.2010 - additionally informed developers of Community Builder (both joomlapolis.com and communitybuilder.ru). ----------------------------- Details: This is Insufficient Anti-automation vulnerability. This plugin is based on captcha script CaptchaSecurityImages.php and I already reported about vulnerabilities in CaptchaSecurityImages(http://websecurity.com.ua/4043/). And in plugin plug_cbcaptcha were fixed all Insufficient Anti-automation and Denial of Service vulnerabilities fromoriginal script, except one. Insufficient Anti-automation:In the plugin it's possible to bypass captcha with using of session reusing with constant captcha bypass method (http://websecurity.com.ua/1551/), whichwas described in project Month of Bugs in Captchas. With using of this method it's possible to bypass protection by sending the same code of captcha. It can be done at all pages where this plugin is used. In CB Captcha 1.xit's using at registration page, lost password form and lost email form. In CB Captcha 2.x, in addition to before-mentioned forms, it's using at contactform (in the presence of component CB Contact 1.1) and login form (in the presence of login module of CB 1.2). PoC:The PoC for this Insufficient Anti-automation vulnerability was provided to developers. Everyone who want can create such PoC from exploit provided inabove-mentioned article from MoBiC project. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Current thread:
- Vulnerability in CB Captcha for Joomla and Mambo MustLive (Apr 15)
- Re: Vulnerability in CB Captcha for Joomla and Mambo Susan Bradley (Apr 16)
- Re: Vulnerability in CB Captcha for Joomla and Mambo James Martin (Apr 19)
- Re: Vulnerability in CB Captcha for Joomla and Mambo Susan Bradley (Apr 19)
- Re: Vulnerability in CB Captcha for Joomla and Mambo Matteo Valenza (Apr 19)
- Re: Vulnerability in CB Captcha for Joomla and Mambo MustLive (Apr 19)
- Re: Vulnerability in CB Captcha for Joomla and Mambo James Martin (Apr 19)
- <Possible follow-ups>
- Re: Vulnerability in CB Captcha for Joomla and Mambo nant (Apr 16)
- Re: Vulnerability in CB Captcha for Joomla and Mambo nant (Apr 19)
- Re: Re: Vulnerability in CB Captcha for Joomla and Mambo none (Apr 20)
- Re: Vulnerability in CB Captcha for Joomla and Mambo MustLive (Apr 28)
- Re: Vulnerability in CB Captcha for Joomla and Mambo Susan Bradley (Apr 16)