lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAO7Ur9uwRGOTKng=6huhM3cAwaB-qUxATTejKuQWEhfOMbR0Rw@mail.gmail.com>
Date: Fri, 7 Sep 2018 10:53:04 +0200
From: Lyderic LEFEBVRE <lylefebvre.infosec@...il.com>
To: bugtraq@...urityfocus.com
Subject: [CVE-2018-15876] Ajax BootModal Login Captcha Reuse

About:
===========
Component: Ajax BootModal Login (Wordpress plugin)
Vulnerable version: 1.4.3 and possibly prior
CVE-ID: CVE-2018-15876
Author:
- Lydéric Lefebvre (https://www.linkedin.com/in/lydericlefebvre)
- Fabien Haureils (https://www.linkedin.com/in/fabien-haureils/)

Timeline:
===========
- 2018/08/25: Vulnerability found
- 2018/08/25: Advisory published on GitHub
- 2018/08/25: CVE-ID request
- 2018/08/26: Reported to developer on GitHub
- 2018/09/01: No response from developer
- 2018/09/01: Advisory sent to bugtraq mailing list

Description:
===========
Register form, login form and password recovery form need CAPTCHA
solving to perform actions. However, these CAPTCHAs seem to be valid
as long as the user session is valid. One could send as many requests
as one wished by automatisation. This allows an attacker to spam large
number of mail addresses, and brute-force credentials.

References:
===========
https://github.com/aas-n/CVE/tree/master/CVE-2018-15876

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ