[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Jcaptcha vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Jcaptcha vulnerability
From: hvazquez@xxxxxxxxxx
Date: Thu, 22 Apr 2010 00:16:58 -0700

<html><body><span style="font-family:Verdana; color:#000000; 
font-size:10pt;"><div>Hi,</div><div><br></div><div>Jcaptcha has a design 
problem that allows a complete bypass of it's security 
features.</div><div><br></div><div>Vendor was contacted on 
12/Dec/09:</div><div><br></div><div><a 
href="http://jcaptcha.octo.com/jira/browse/FWK-114";>http://jcaptcha.octo.com/jira/browse/FWK-114</a></div><div><br></div><div>Other
 captcha systems could be affected.</div><div><br></div><div>Kind 
Regards,<br></div><div><br></div><div>---------------------<br><br>Hugo Vázquez 
Caramés<br><br>"El trabajo que nunca se empieza es el que tarda más en 
finalizarse" (J. R. R. Tolkien)<br><br>"La mayoría de las personas gastan más 
tiempo y energías en hablar de los problemas que en afrontarlos" (Henry 
Ford)<br><br>========================================================<br>PENTEST
 Consultores<br>Tel: 93 3962070 / Fax: 93 3962001<br>e-mail:  
hvazquez@xxxxxxxxxx<br>========================================================<br>Gane
 credibilidad y confianza, visite <a 
href="http://www.pentest.es";>http://www.pentest.es</a><br><br><br>Este e-mail 
es  confidencial y destinado únicamente a la  persona a la cual va dirigido.  
Si Ud. no es  el destinatario al cual va dirigido este e-mail o  lo recibe por 
error, queda  advertido que cualquier uso,  difusión,impresión o copia de este 
mensaje está estrictamente prohibido. Si lo ha recibido  por error, por  favor, 
notifíquelo al  remitente del  mensaje<br><br>This email is confidential and 
intended solely for the use of the individual to whom it is addressed. If you 
are not the intended recipient,be advised that you have received this email in 
error and that any use,dissemination, forwarding, printing or copying of this 
email is  strictly  prohibited.  If you  have received  this email in error  
please notify  it to  sender.<br><span style="visibility: hidden; display: 
inline;" mce_style="visibility: hidden; display: inline;">&nbsp;</span> 
</div></span></body></html>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
Next by Date: Re: [Full-disclosure] Please Welcome SuperFB ( and ignore this message )
Previous by thread: [Full-disclosure] Vulnerabilities in NovaBoard
Next by thread: [Full-disclosure] [Announcement] Introducing SecurityTube Tools section!
Index(es):
- Date
- Thread