Sumeru Cyber Security
Weak CAPTCHA Implementation

Last updated 5 years ago

Introduction

If the CAPTCHA on a login or change-password page is validated only on the client side, an attacker can bypass it with a web proxy tool such as Burp Suite by editing or removing the CAPTCHA parameter before the request reaches the server. Without server-side validation the CAPTCHA offers no protection, so the page remains open to brute-force attacks and to automated submission of change-password requests for many users.

Impact

Weak implementation of CAPTCHA allows an attacker to bypass the protection and perform further attacks which could result in user account compromise and denial of service.

This vulnerability affects the business and results in the following:

  • Loss of user confidence

  • Loss of availability

  • Loss of reputation

How To Test

Step 1

Go to the target site (for example http://localhost/login.php) with the browser configured to proxy through Burp Suite Community Edition. When you try to log in without filling in the CAPTCHA, the page shows the warning “You cannot leave Captcha Code Empty”, as in the screenshot below.

Step 2

Fill in the credentials, solve the CAPTCHA, and log in, as shown in the screenshot below.

  • In Burp Suite, open the Proxy tab and then HTTP history. Right-click the login request and send it to Repeater, as shown in the screenshots below.

In Repeater, delete the “g-recaptcha-response” parameter together with its value and send the request. The server still answers with a 302 redirect, as shown in the response.

The login succeeds and the application redirects to the home page even though the CAPTCHA was removed, as shown in the screenshots below. To be sure the redirect is a successful login and not a redirect back to the login form, follow it in the browser or compare it with the response to a deliberately wrong password.

The root cause is that the CAPTCHA is validated only on the client side (in the browser's JavaScript) and never on the server, so the steps above are enough to log in without solving it.

How to Fix

We recommend the following best practices:

  • Validate the CAPTCHA on the server side: check that the g-recaptcha-response parameter is present and non-empty, verify it with the CAPTCHA provider (for reCAPTCHA, the siteverify API), and only then process the login or change-password request. A missing, empty, or failed token must reject the request before the credentials are even checked.

  • No CAPTCHA information (the expected answer, or a flag saying it was solved) should be stored on the client side, whether in hidden form fields, cookies, or JavaScript.

  • The client should have no control over the CAPTCHA content: the challenge and its expected answer are generated and kept on the server.

  • CAPTCHA images and tokens should not be reused: invalidate each challenge after a single verification attempt and after a short expiry, so one solved CAPTCHA cannot be replayed across many requests.
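The following Python example is added here to show the difference between the two handlers; it is not code from this page or from Sumeru Cyber Security. `login_vulnerable` behaves like the application in the test above (the only CAPTCHA check is in browser JavaScript, so the server ignores g-recaptcha-response), while `login_hardened` rejects a missing or empty token, verifies it against the provider before looking at the credentials, and refuses to accept the same token twice. The siteverify URL and its `secret`/`response` fields are the real reCAPTCHA API; the account `alice`/`s3cret`, the token `tok-solved`, the `fake_siteverify` stand-in for the provider and all function names are constructed so the example runs offline.

```python
"""Weak vs. server-side CAPTCHA validation on a login handler (added example)."""
import hmac
import json
import urllib.parse
import urllib.request

# Real endpoint and field names of the reCAPTCHA siteverify API.
RECAPTCHA_VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def verify_recaptcha(token, secret, opener=urllib.request.urlopen):
    """Ask the provider whether `token` is a valid, unused solution.

    True only on an explicit {"success": true}; an empty token, a network error
    or an unparsable reply all count as failure (fail closed). `opener` is
    injectable so the example can run without network access.
    """
    if not token:
        return False
    body = urllib.parse.urlencode({"secret": secret, "response": token}).encode()
    try:
        with opener(RECAPTCHA_VERIFY_URL, data=body, timeout=5) as resp:
            reply = json.loads(resp.read().decode())
    except Exception:
        return False
    return reply.get("success") is True


def _credentials_ok(form, users):
    """Constant-time credential check (a real app would compare password hashes)."""
    stored = users.get(form.get("username", ""))
    return stored is not None and hmac.compare_digest(stored, form.get("password", ""))


def login_vulnerable(form, users):
    """Handler as found during the test: the only CAPTCHA check ("You cannot
    leave Captcha Code Empty") lives in browser JavaScript, so the server never
    reads g-recaptcha-response and deleting it in Burp changes nothing."""
    return _credentials_ok(form, users)


def login_hardened(form, users, secret, opener=urllib.request.urlopen,
                   used_tokens=None):
    """Handler with server-side validation.

    The CAPTCHA is checked before the credentials, so a brute-force script must
    solve one CAPTCHA per attempt. `used_tokens` is a server-side set (per
    session or in a shared cache) that refuses a token already consumed.
    """
    token = form.get("g-recaptcha-response")
    if not token:                                   # removed or left empty
        return False
    if used_tokens is not None and token in used_tokens:
        return False                                # replayed token
    if not verify_recaptcha(token, secret, opener=opener):
        return False                                # forged or expired token
    if used_tokens is not None:
        used_tokens.add(token)                      # consumed even if the password is wrong
    return _credentials_ok(form, users)


class _FakeResponse:
    """Minimal stand-in for the object urlopen returns (constructed for the demo)."""
    def __init__(self, payload):
        self._body = json.dumps(payload).encode()
    def read(self):
        return self._body
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False


def fake_siteverify(valid_tokens):
    """Offline replacement for urlopen that accepts only the constructed tokens."""
    def opener(url, data=None, timeout=None):
        token = urllib.parse.parse_qs(data.decode()).get("response", [""])[0]
        return _FakeResponse({"success": token in valid_tokens})
    return opener


def demo():
    """Replay the Burp test against both handlers; returns the outcomes."""
    users = {"alice": "s3cret"}                  # constructed test account
    opener = fake_siteverify({"tok-solved"})     # constructed valid token
    consumed = set()
    with_captcha = {"username": "alice", "password": "s3cret",
                    "g-recaptcha-response": "tok-solved"}
    without_captcha = {"username": "alice", "password": "s3cret"}
    return {
        "vulnerable_without_captcha": login_vulnerable(without_captcha, users),
        "hardened_without_captcha": login_hardened(without_captcha, users, "k", opener, consumed),
        "hardened_with_captcha": login_hardened(with_captcha, users, "k", opener, consumed),
        "hardened_replayed_captcha": login_hardened(with_captcha, users, "k", opener, consumed),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {'logged in' if result else 'rejected'}")
```

Running the script replays the four cases: the vulnerable handler logs in with the parameter deleted, the hardened one rejects that request, accepts the same request once the token is present, and rejects the token when it is sent a second time. Note that the hardened handler fails closed on provider errors; in production that should be paired with monitoring so an outage of the CAPTCHA service is noticed rather than silently locking users out.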
