oss-sec mailing list archives

Re: CVE request - simple-php-captcha - captcha bypass vulnerability


From: Solar Designer <solar () openwall com>
Date: Mon, 17 Aug 2015 22:37:23 +0300

On Mon, Aug 17, 2015 at 01:55:48PM -0400, cve-assign () mitre org wrote:
> https://github.com/claviska/simple-php-captcha/issues/16
>
> Use CVE-2015-6250 for the original issue that the "srand(microtime() *
> 100)" call is counterproductive because, especially in cases of good
> time synchronization, the client is able to run the same srand call as
> the server.

FWIW, time synchronization was irrelevant.  The original report said:

"Since microtime() is used both in the initial seed for the captcha and
in the captcha url path sent to the client, [...]"

This is referring to:

$image_src = substr(__FILE__, strlen( realpath($_SERVER['DOCUMENT_ROOT']) )) . '?_CAPTCHA&amp;t=' . urlencode(microtime());

Alexander
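
An added example, not part of the original post and not simple-php-captcha's own code: it shows how small the seed space of the "srand(microtime() * 100)" pattern is, next to a hardened form that takes both the captcha code and the URL cache-buster from the CSPRNG. The function names, the alphabet, the script path and the sample microtime() string are assumptions made for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example; helper names are hypothetical, not the library's API.

// Seed that srand(microtime() * 100) ends up with for a given microtime()
// string ("0.usec sec"): PHP's string-to-number conversion keeps only the
// leading fraction, so the result is always an integer in 0..99.
function seed_from_microtime(string $mt): int
{
    [$usec] = explode(' ', $mt);
    return (int) ((float) $usec * 100);
}

// Hardened: every character comes from the CSPRNG; srand() is never called,
// so there is no clock-derived seed to reproduce.
function captcha_code(int $len = 5): string
{
    // Assumed alphabet (look-alike characters left out).
    $alphabet = 'ABCDEFGHJKLMNPRSTUVWXYZabcdefghjkmnprstuvwxyz23456789';
    $code = '';
    for ($i = 0; $i < $len; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// Hardened: the t= cache-buster is random and carries no clock value.
function captcha_image_src(string $script): string
{
    return $script . '?_CAPTCHA&amp;t=' . bin2hex(random_bytes(8));
}

// Constructed sample of a microtime() string, as the t= parameter exposes it.
$sample = '0.48213700 1439840243';
printf("seed for sample value: %d (one of only 100 possible seeds)\n",
    seed_from_microtime($sample));

// '/captcha.php' is a placeholder path.
printf("code: %s\n", captcha_code());
printf("src:  %s\n", captcha_image_src('/captcha.php'));
```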

