[CVE-2018-15876] Ajax BootModal Login Captcha Reuse

From: Lyderic LEFEBVRE <lylefebvre.infosec@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: [CVE-2018-15876] Ajax BootModal Login Captcha Reuse
Date:


About:
===========
Component: Ajax BootModal Login (Wordpress plugin)
Vulnerable version: 1.4.3 and possibly prior
CVE-ID: CVE-2018-15876
Author:
- Lydric Lefebvre (https://www.linkedin.com/in/lydericlefebvre)
- Fabien Haureils (https://www.linkedin.com/in/fabien-haureils/)

Timeline:
===========
- 2018/08/25: Vulnerability found
- 2018/08/25: Advisory published on GitHub
- 2018/08/25: CVE-ID request
- 2018/08/26: Reported to developer on GitHub
- 2018/09/01: No response from developer
- 2018/09/01: Advisory sent to bugtraq mailing list

Description:
===========
Register form, login form and password recovery form need CAPTCHA
solving to perform actions. However, these CAPTCHAs seem to be valid
as long as the user session is valid. One could send as many requests
as one wished by automatisation. This allows an attacker to spam large
number of mail addresses, and brute-force credentials.

References:
===========
https://github.com/aas-n/CVE/tree/master/CVE-2018-15876





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.