Bypassing Captcha Verification by Exploiting Default Implementation

Bypassing Captcha Verification by Exploiting Default Implementation

CVE-2023-45292 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.

Learn more about our Web Application Penetration Testing UK.