Security Advisory – SOS-11-007 – PHPCaptcha / Securimage 2.0.2 – Authentication Bypass

Release Date: 20-May-2011

Last Update:

Vendor Notification Date: 04-Apr-2011

Product: Securimage / PHPCaptcha

Platform: PHP

Affected versions: 1.0.4 – 2.0.2

Severity Rating: Medium

Impact: Authentication bypass

Attack Vector: Remote without authentication

Solution Status: Vendor workaround (remove securimage_play.php)

CVE reference: Not yet assigned

Details

PHPCaptcha, also known as Securimage, is a popular Open Source PHP CAPTCHA library. It is also used in popular WordPress plugins such as the “Fast Secure Contact Form”.

Insufficient distortion in the audio version of the CAPTCHA allows an attacker to quickly decode the CAPTCHA by performing basic binary analysis of the generated audio file. The issue is compounded by the fact that even if the audio feature of the CAPTCHA has been disabled, it can still be accessed by forceful browsing to the /securimage_play.php URI.

Please refer to the PDF version of this advisory for proof of concept code examples.

Solution

Remove the script securimage_play.php and disable the use of the Audio CAPTCHA.
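
One way to check that the workaround holds is sketched below. It is an added example, not code from the advisory or from Securimage. It assumes web server access logs in Combined Log Format; the function name, the sample paths and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD url PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TARGET = "securimage_play.php"  # script named in the advisory


def audit_audio_requests(lines):
    """Return (reachable, refused) for requests to the audio CAPTCHA script.

    reachable: set of URL paths where the script answered 2xx, meaning a
               copy is still deployed and the workaround is incomplete.
    refused:   dict of client IP -> number of requests for the script that
               got a 4xx, meaning forced browsing to a removed copy.
    """
    reachable = set()
    refused = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        ip, _method, url, status = m.groups()
        path = url.split("?", 1)[0]  # drop the query string
        if path.rsplit("/", 1)[-1].lower() != TARGET:
            continue
        if status.startswith("2"):
            reachable.add(path)
        elif status.startswith("4"):
            refused[ip] += 1
    return reachable, dict(refused)


# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/May/2011:10:00:01 +1000] "GET /contact/securimage_play.php HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.7 - - [20/May/2011:10:00:03 +1000] "GET /contact/securimage_play.php?sid=0.42 HTTP/1.1" 200 47630 "-" "-"',
    '203.0.113.9 - - [20/May/2011:10:05:10 +1000] "GET /forms/securimage_play.php HTTP/1.1" 404 312 "-" "-"',
    '203.0.113.9 - - [20/May/2011:10:05:11 +1000] "GET /old/securimage_play.php HTTP/1.1" 404 312 "-" "-"',
    '192.0.2.44 - - [20/May/2011:10:06:00 +1000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    still_reachable, refused_by_client = audit_audio_requests(SAMPLE_LOG)
    print("Copies still answering:", sorted(still_reachable))
    print("Refused requests per client:", refused_by_client)
```

Any path reported as still answering points to a copy of the script that was not removed, for example one bundled inside a plugin directory.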

Discovered By

Phil Taylor from Sense of Security Labs.
