| Key: |
FWK-114
|
| Type: |
Bug
|
| Status: |
Open
|
| Priority: |
Critical
|
| Assignee: |
Unassigned
|
| Reporter: |
hugo vazquez
|
| Votes: |
0
|
| Watchers: |
0
|
|
If you were logged in you would be able to see more operations.
|
|
|
|
JCaptcha always generates the same sound file. That is, for example, the number 3408, always gives a .wav sound file wich is exactly the same sound. So it is trivial so map all the entire range of posssible captcha sounds and thus the attacker does not need to "listen" the file, just a script that downloads the sound file, check it's hash and find what number is associated with that hash. So automated attacks to bypass the captcha are trivial...
|
|
Description
|
JCaptcha always generates the same sound file. That is, for example, the number 3408, always gives a .wav sound file wich is exactly the same sound. So it is trivial so map all the entire range of posssible captcha sounds and thus the attacker does not need to "listen" the file, just a script that downloads the sound file, check it's hash and find what number is associated with that hash. So automated attacks to bypass the captcha are trivial... |
Show » |
Sort Order:
|
Possible vulnerability in JCAPTCHA