oss-sec mailing list archives
CVE request: CAPTCHA bypass in MantisBT
From: Damien Regad <dregad () mantisbt org>
Date: Sat, 17 Jan 2015 02:10:51 +0100
Greetings,

Please assign a CVE ID for the following issue

Description:
An attacker can get an unlimited amount of CAPTCHA "samples" with different perturbations for the same challenge, which makes the whole captcha utterly useless and very easy to bypass.

Affected versions:
<= 1.2.19

Fixed in versions:
1.2.19 (not yet released)

Patch:
See GitHub [1]

Credit:
This vulnerability was reported [2] by Florent Daigniere from Matta Consulting.
The issue was fixed by Damien Regad (MantisBT Developer).

References:
Further details available in our issue tracker [2]

[1] https://github.com/mantisbt/mantisbt/commit/39a92726
[2] https://www.mantisbt.org/bugs/view.php?id=17984
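
The failure mode described in the report above, modelled as an added example that is not part of the original message and is neither MantisBT's code nor its actual fix: a challenge that can be re-rendered without limit, beside a variant that allows one rendering per challenge. `CaptchaStore`, `perturb`, `render_vulnerable`, `render_once` and `count_renderings` are hypothetical names, and image rendering is stood in for by a random noise seed.

```python
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def perturb(answer):
    # Stand-in for image rendering: same text, fresh random distortion each call.
    return {"text": answer, "noise_seed": secrets.randbits(64)}

class CaptchaStore:
    """Constructed in-memory challenge store (hypothetical, not MantisBT code)."""

    def __init__(self):
        self._pending = {}  # token -> {"answer": str, "rendered": bool}

    def new_challenge(self):
        token = secrets.token_urlsafe(16)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(5))
        self._pending[token] = {"answer": answer, "rendered": False}
        return token

    def render_vulnerable(self, token):
        # Behaviour described in the report: every request for the same
        # challenge returns a new perturbation of the same answer.
        return perturb(self._pending[token]["answer"])

    def render_once(self, token):
        # Hardened variant: one rendering per challenge. A repeat request
        # discards the challenge, so the client needs a new token and answer.
        entry = self._pending.get(token)
        if entry is None or entry["rendered"]:
            self._pending.pop(token, None)
            return None
        entry["rendered"] = True
        return perturb(entry["answer"])

    def verify(self, token, guess):
        # Single use: the challenge is consumed whether or not the guess is right.
        entry = self._pending.pop(token, None)
        return entry is not None and secrets.compare_digest(
            entry["answer"].encode(), guess.upper().encode())

def count_renderings(render, token, attempts):
    """How many distinct renderings of one challenge a client can obtain."""
    seeds = set()
    for _ in range(attempts):
        image = render(token)
        if image is None:
            break
        seeds.add(image["noise_seed"])
    return len(seeds)
```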