Lucene search

Veracode Vulnerability DatabaseVERACODE:44633

HistoryDec 12, 2023 - 5:57 a.m.

Captcha Verification Bypass

2023-12-1205:57:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

base64captcha

vulnerability

bypass

captcha validation

application security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

base64Captcha is vulnerable to Captcha Verification Bypass. The vulnerability is due to improper verification of captcha wherein, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is set to true, the function will always consider the Captcha to be correct. This issue can be exploited by an attacker to bypass the Captcha validation in an application.

References

github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7

github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13

github.com/mojocn/base64Captcha/issues/120

pkg.go.dev/vuln/GO-2023-2386

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

Related for VERACODE:44633