Lanap BotDetect CAPTCHA ASP.NET Bypass Weakness
BID:18315
CVE-2006-2918 |Info
Lanap BotDetect CAPTCHA ASP.NET Bypass Weakness
| Bugtraq ID: | 18315 |
| Class: | Access Validation Error |
| CVE: |
CVE-2006-2918 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 23 2006 12:00AM |
| Updated: | Jun 23 2006 08:25PM |
| Credit: | Michael White <[email protected]> and Graham Murphy <[email protected]> are credited with the discovery of this issue. |
| Vulnerable: |
Lanap BotDetect CAPTCHA ASP.NET 0 |
| Not Vulnerable: |
Lanap BotDetect CAPTCHA ASP.NET 1.5.4 .0 |
Discussion
Lanap BotDetect CAPTCHA ASP.NET Bypass Weakness
Lanap BotDetect is prone to a weakness that may allow attackers to bypass the CAPTCHA mechanism.
Exploiting this issue may aid malicious users in further attacks. The specific impact of exploiting this issue depends on the particular service that the software is employed to protect.
BotDetect CAPTCHA ASP.NET versions prior to 1.5.4.0 are affected by this issue.
Lanap BotDetect is prone to a weakness that may allow attackers to bypass the CAPTCHA mechanism.
Exploiting this issue may aid malicious users in further attacks. The specific impact of exploiting this issue depends on the particular service that the software is employed to protect.
BotDetect CAPTCHA ASP.NET versions prior to 1.5.4.0 are affected by this issue.
Exploit / POC
Lanap BotDetect CAPTCHA ASP.NET Bypass Weakness
Attackers use standard network utilities to exploit this issue.
Attackers use standard network utilities to exploit this issue.
Solution / Fix
Lanap BotDetect CAPTCHA ASP.NET Bypass Weakness
Solution:
The vendor has released version 1.5.4.0 of BotDetect CAPTCHA ASP.NET to address this issue.
Solution:
The vendor has released version 1.5.4.0 of BotDetect CAPTCHA ASP.NET to address this issue.