oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: CAPTCHA bypass in MantisBT

From: cve-assign () mitre org
Date: Wed, 26 Nov 2014 23:12:25 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
https://www.mantisbt.org/bugs/view.php?id=17811



Use session rather than form key for captcha


Use CVE-2014-9117.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUdqMOAAoJEKllVAevmvmszB4IAJoBUTi5IJUsPH65tiLEjH4k
6YR4uZ7FJNy6lhDa5r0IwD6CfWcksgyvj3oPdI1SBp8308H8WpT+QaXzaSQxVlEy
QOOf8AztSjIR+PHNJZmzEFxp5J3WVsKq53UbIa0u83WwhencGohGNwABujR28A/X
2ARnctHzt8+YEUyhLTcAsYqAzgusvozVuN4sGiIdBwXRMzO6y+bbtqhe+nplBSbs
LY0r8pfz1Zvlz2sRaq73ySBSGhWKtF2FRoirvbuEPkwg+VlUaFT//nnWm06IfOF9
3u5F2jpRsb95OX9U6+OlPYxqZyTsI7P4840ZAarDBMgwHc1BVGTfbfprjxDKSco=
=Tmxs
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: