Bugtraq mailing list archives
[CVE-2018-15876] Ajax BootModal Login Captcha Reuse
From: Lyderic LEFEBVRE <lylefebvre.infosec () gmail com>
Date: Fri, 7 Sep 2018 10:53:04 +0200
About: =========== Component: Ajax BootModal Login (Wordpress plugin) Vulnerable version: 1.4.3 and possibly prior CVE-ID: CVE-2018-15876 Author: - Lydéric Lefebvre (https://www.linkedin.com/in/lydericlefebvre) - Fabien Haureils (https://www.linkedin.com/in/fabien-haureils/) Timeline: =========== - 2018/08/25: Vulnerability found - 2018/08/25: Advisory published on GitHub - 2018/08/25: CVE-ID request - 2018/08/26: Reported to developer on GitHub - 2018/09/01: No response from developer - 2018/09/01: Advisory sent to bugtraq mailing list Description: =========== Register form, login form and password recovery form need CAPTCHA solving to perform actions. However, these CAPTCHAs seem to be valid as long as the user session is valid. One could send as many requests as one wished by automatisation. This allows an attacker to spam large number of mail addresses, and brute-force credentials. References: =========== https://github.com/aas-n/CVE/tree/master/CVE-2018-15876
Current thread:
- [CVE-2018-15876] Ajax BootModal Login Captcha Reuse Lyderic LEFEBVRE (Sep 07)