
Security Advisory: Knowage CAPTCHA Bypass

Posted by David Chadwick - 31 July, 2019


Knowage CAPTCHA Bypass

Release date: 29/07/2019


Last update: 29/07/2019

Vendor: Knowage-suite

Vendor site: https://www.knowage-suite.com/site/home/

Product: Knowage

Affected version(s): 6.1.1

Remediated version: 6.4

Severity Rating: Low

Impact: Operational disruption

Attack vector: Remote without authentication

CVE: CVE-2019-13190

Details: The application's CAPTCHA is insecurely configured. The CAPTCHA control can be bypassed by submitting the same valid CAPTCHA code with each request. An attacker only needs to visit the page manually once to obtain a valid CAPTCHA code; subsequent requests can then be automated. This could flood the application with numerous fake/spam accounts.


Recommendation: Update to the latest patch.

Discovered by: David Chadwick from Content Security Pty. Ltd.
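
The issue described under Details comes down to a CAPTCHA answer that remains valid after it has been checked. The following Python example is added for illustration and is not Knowage's code or part of the original advisory; it contrasts that pattern with a single-use, expiring check. The class names, `count_accepted`, the session key and the 120-second lifetime are hypothetical and chosen for this example.

```python
import secrets
import time

CAPTCHA_TTL_SECONDS = 120  # assumed challenge lifetime, not a Knowage setting


def _same(expected, submitted):
    # Constant-time comparison of the stored and submitted answers.
    return secrets.compare_digest(expected.encode(), submitted.encode())


class ReusableCaptchaStore:
    """Flawed pattern: the answer stays valid after a successful check."""

    def __init__(self):
        self._answers = {}

    def issue(self, session_id, answer):
        self._answers[session_id] = answer

    def verify(self, session_id, submitted):
        expected = self._answers.get(session_id)
        return expected is not None and _same(expected, submitted)


class SingleUseCaptchaStore:
    """Hardened pattern: every check consumes the challenge, pass or fail."""

    def __init__(self, ttl=CAPTCHA_TTL_SECONDS, clock=time.monotonic):
        self._answers = {}
        self._ttl = ttl
        self._clock = clock

    def issue(self, session_id, answer):
        self._answers[session_id] = (answer, self._clock() + self._ttl)

    def verify(self, session_id, submitted):
        # pop() removes the challenge before comparing, so a second request
        # carrying the same code has nothing left to match against.
        entry = self._answers.pop(session_id, None)
        if entry is None:
            return False
        expected, expires_at = entry
        return self._clock() <= expires_at and _same(expected, submitted)


def count_accepted(store, session_id, answer, attempts):
    """Issue one challenge, then count how many identical submissions pass."""
    store.issue(session_id, answer)
    return sum(store.verify(session_id, answer) for _ in range(attempts))
```

With the single-use store, a sign-up form has to issue a fresh challenge after every submission, including failed ones, so one solved CAPTCHA authorises at most one request.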

