Drupal CAPTCHA And TEXTIMAGE Bypass Weakness
BID:22329
Info
Drupal CAPTCHA And TEXTIMAGE Bypass Weakness
| Bugtraq ID: | 22329 |
| Class: | Design Error |
| CVE: |
CVE-2007-0658 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 30 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
Drupal Textimage 4.7 Drupal Textimage 5.0 Drupal Drupal 4.7.6 Drupal Drupal 4.7.5 Drupal Drupal 4.7.4 Drupal Drupal 4.7.3 Drupal Drupal 4.7.2 Drupal Drupal 4.7.1 Drupal Drupal 4.7 Drupal Drupal 5.1 Drupal Drupal 5.0 Drupal Drupal 4.7 revision 1.15 Drupal Drupal 4.7 |
| Not Vulnerable: |
Drupal Textimage 5.0 1.1 Drupal Textimage 4.7 1.2 Drupal Drupal 5.1 revision 1.1 Drupal Drupal 4.7 revision 1.2 |
Discussion
Drupal CAPTCHA And TEXTIMAGE Bypass Weakness
The CAPTCHA and TEXTIMAGE implementations of Drupal may be bypassed by remote attackers due to an unspecified error.
These issues may be used to carry out other attacks such as brute-force attempts against the login page.
The CAPTCHA and TEXTIMAGE implementations of Drupal may be bypassed by remote attackers due to an unspecified error.
These issues may be used to carry out other attacks such as brute-force attempts against the login page.
Exploit / POC
Drupal CAPTCHA And TEXTIMAGE Bypass Weakness
An exploit is likely not required.
An exploit is likely not required.
Solution / Fix
Drupal CAPTCHA And TEXTIMAGE Bypass Weakness
Solution:
The vendor has released fixes to address these issues.
Solution:
The vendor has released fixes to address these issues.
References
Drupal CAPTCHA And TEXTIMAGE Bypass Weakness
References:
References:
- Captcha - response validation bypass (Drupal)
- Textimage - response validation bypass (Drupal)
- Vendor Homepage (Drupal)