Family: CGI abuses --> Category: attack
Drupal Captcha Bypass Vulnerability Scan
Vulnerability Scan Summary: Tries to bypass captcha when registering as a new user in Drupal
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by a
security bypass vulnerability.
Description :
The version of Drupal installed on the remote host includes at least
one third-party module that adds a 'captcha' to various forms, such as
user registration, but which can be bypassed using a specially-crafted
'edit[captcha_response]' parameter. As a result, an attacker can
script access to whatever forms the module is designed to protect
from automated abuse.
See also :
http://drupal.org/node/114364
http://drupal.org/node/114519
Solution :
Upgrade to Drupal captcha module version 4.7-1.2 / 5.x-1.1 and/or
textimage module version 4.7-1.2 / 5.x-1.1 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)