
Security Advisory: Knowage CAPTCHA Bypass

Posted by David Chadwick - 31 July, 2019


Knowage CAPTCHA Bypass

Release date: 29/07/2019

Last update:

Vendor: Knowage-suite

Vendor site: https://www.knowage-suite.com/site/home/

Product: Knowage

Affected version(s): 6.1.1

Remediated version: 6.4

Severity Rating: Low

Impact: Operational disruption

Attack vector: Remote without authentication

CVE: CVE-2019-13190

Details: The CAPTCHA is insecurely configured in the application. The CAPTCHA control can be bypassed by reusing the same valid CAPTCHA code for each request. An attacker only needs to visit the page manually once to obtain a valid CAPTCHA code; subsequent requests can then be automated. This could flood the application with numerous fake/spam accounts.


Recommendation: Update to the latest patch.

Discovered by: David Chadwick from Content Security Pty. Ltd.
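
The weakness described under Details comes down to a CAPTCHA answer that stays valid after it has been checked once. The following is an added example, not Knowage code and not the vendor's 6.4 fix: it contrasts a validator that leaves the answer in place with one that consumes the challenge on every attempt. The class names, the in-memory store and the session id are assumptions made for illustration.

```python
import hmac
import secrets


class ReplayableCaptcha:
    """Weak pattern: the expected answer stays valid after a successful check."""

    def __init__(self):
        # Hypothetical in-memory stand-in for server-side session storage.
        self._answers = {}  # session id -> expected answer

    def issue(self, session_id):
        answer = secrets.token_hex(3)  # would be rendered as an image
        self._answers[session_id] = answer
        return answer

    def verify(self, session_id, submitted):
        expected = self._answers.get(session_id)  # answer is left in place
        return expected is not None and hmac.compare_digest(
            expected.encode(), submitted.encode())


class SingleUseCaptcha(ReplayableCaptcha):
    """Hardened pattern: every verification attempt consumes the challenge."""

    def verify(self, session_id, submitted):
        # pop() invalidates the challenge whether or not the answer is right,
        # so a solved code cannot be replayed and a wrong guess cannot be
        # retried against the same challenge.
        expected = self._answers.pop(session_id, None)
        return expected is not None and hmac.compare_digest(
            expected.encode(), submitted.encode())


def count_accepted(captcha, submissions=5):
    """Solve one challenge, then submit the same code `submissions` times."""
    sid = "constructed-session"  # constructed sample value
    code = captcha.issue(sid)
    return sum(captcha.verify(sid, code) for _ in range(submissions))


if __name__ == "__main__":
    print("replayable validator accepted:", count_accepted(ReplayableCaptcha()))
    print("single-use validator accepted:", count_accepted(SingleUseCaptcha()))
```

With the single-use validator, each account-creation request needs a freshly issued challenge, which is the property the replayed code defeats.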
