Date: Sat, 17 Jan 2015 02:10:51 +0100
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: CAPTCHA bypass in MantisBT

Greetings,

Please assign a CVE ID for the following issue

Description:
An attacker can get an unlimited amount of CAPTCHA "samples" with different perturbations for the same challenge, which makes the whole captcha utterly useless and very easy to bypass.

Affected versions:
<= 1.2.19

Fixed in versions:
1.2.19 (not yet released)

Patch:
See Github

Credit:
This vulnerability was reported by Florent Daigniere from Matta Consulting.
The issue was fixed by Damien Regad (MantisBT Developer).

References:
Further details available in our issue tracker

https://github.com/mantisbt/mantisbt/commit/39a92726
https://www.mantisbt.org/bugs/view.php?id=17984
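One way to prevent the condition described above (many differently distorted images for one challenge), as an added example that is not MantisBT's patch or code: the server replaces the answer whenever the image for a token is requested a second time, and a token can be verified only once. `CaptchaStore`, its method names and the alphabet are assumptions, and the in-memory dict stands in for server-side session state.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # constructed: no look-alike characters


class CaptchaStore:
    """In-memory stand-in for server-side session state (hypothetical helper)."""

    def __init__(self, length=5):
        self.length = length
        self._pending = {}  # token -> {"answer": str, "rendered": bool}

    def _new_answer(self):
        return "".join(secrets.choice(ALPHABET) for _ in range(self.length))

    def issue(self):
        """Create a challenge and return the opaque token placed in the form."""
        token = secrets.token_urlsafe(16)
        self._pending[token] = {"answer": self._new_answer(), "rendered": False}
        return token

    def text_to_render(self, token):
        """Return the text the image endpoint should draw, or None if unknown.

        The first fetch draws the issued answer. Any further fetch for the same
        token replaces the answer before drawing, so repeated requests never
        yield a second distorted sample of the same challenge.
        """
        entry = self._pending.get(token)
        if entry is None:
            return None
        if entry["rendered"]:
            entry["answer"] = self._new_answer()
        entry["rendered"] = True
        return entry["answer"]

    def verify(self, token, response):
        """Single use: the token is discarded whether or not the answer matches."""
        entry = self._pending.pop(token, None)
        if entry is None or not entry["rendered"]:
            return False
        return hmac.compare_digest(entry["answer"].encode(),
                                   response.upper().encode())
```

The image endpoint would distort and draw whatever `text_to_render` returns; the form handler calls `verify` exactly once per submission.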