oss-sec mailing list archives
CVE Request: CAPTCHA bypass in MantisBT
From: Damien Regad <dregad () mantisbt org>
Date: Wed, 26 Nov 2014 17:58:31 +0100
Description:
There is a weakness on the CAPTCHA system that is used upon registration of a new user that could allow a malicious individual to perform a denial of service attack by indiscriminately creating new accounts, thus generating a high load on the server.

Affected versions: <= 1.2.17
Fixed in versions: 1.2.18 (not yet released)
Patch: See Github [1]
Credit: Issue was discovered by Alejo Popovici and fixed by Victor Boctor (MantisBT Developer)

References: Further details available in our issue tracker [2]

D. Regad
MantisBT Developer
http://www.mantisbt.org

[1] http://github.com/mantisbt/mantisbt/commit/7bb78e45
[2] https://www.mantisbt.org/bugs/view.php?id=17811