CWE-804 - Guessable CAPTCHA

  • Abstraction: Base
  • Structure: Simple
  • Status: Incomplete
  • Published: 2010-02-16
  • Updated: 2023-10-26

Name

Guessable CAPTCHA

Description

The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.

An automated attacker could bypass the intended protection of the CAPTCHA challenge and perform actions at a higher frequency than humanly possible, such as launching spam attacks. There can be several different causes of a guessable CAPTCHA:

Common Consequences

Scope: Access Control, Other

Impact: Bypass Protection Mechanism, Other

Note: When authorization, authentication, or another protection mechanism relies on CAPTCHA entities to ensure that only human actors can access certain functionality, then an automated attacker such as a bot may access the restricted functionality by guessing the CAPTCHA.

Related CWEs