General Information

CAPTCHA Re-Riding

Variants:
Direct 

Also Known As:
CAPTCHA Accumulation

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Session Management, Anti-Automation, Secure Design

Invented In:
28/02/2012

Added In:
19/12/2014


Vector Operation Method:
Abuses CAPTCHA verification mechanisms that do not clear the session flag containing the answer or the successful verification status, by reusing the session identifier associated with that answer or status.
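The flaw described above beside its fix, as an added example that is not part of the original entry. It models server-side CAPTCHA state in memory; the `CaptchaGate` class, the session identifiers and the helper names are assumptions constructed for illustration.

```python
import hmac
import secrets

class CaptchaGate:
    """Toy server-side CAPTCHA state keyed by session identifier."""

    def __init__(self, single_use):
        self.single_use = single_use    # True = hardened, False = flawed
        self.answers = {}               # session id -> expected answer
        self.verified = set()           # session ids holding a "solved" flag

    def issue(self, sid):
        """Create a fresh challenge; any earlier answer or flag is discarded."""
        self.verified.discard(sid)
        self.answers[sid] = secrets.token_hex(3)
        return self.answers[sid]        # a real server renders this as an image

    def verify(self, sid, guess):
        """Check the guess and set the verified flag on success."""
        expected = self.answers.get(sid)
        if expected is None:
            return False
        ok = hmac.compare_digest(guess, expected)
        if self.single_use:
            del self.answers[sid]       # the answer is spent, right or wrong
        if ok:
            self.verified.add(sid)
        return ok

    def protected_action(self, sid):
        """The operation the CAPTCHA guards, e.g. a form submission."""
        if sid not in self.verified:
            return False
        if self.single_use:
            self.verified.discard(sid)  # one solve buys exactly one action
        return True

def accepted_actions(gate, attempts=5):
    """Solve once, then count guarded actions granted to the same session."""
    sid = "constructed-session-1"
    gate.verify(sid, gate.issue(sid))
    return sum(gate.protected_action(sid) for _ in range(attempts))

def accepted_answer_replays(gate, attempts=5):
    """Count how often one stored answer verifies for the same session."""
    sid = "constructed-session-2"
    answer = gate.issue(sid)
    return sum(gate.verify(sid, answer) for _ in range(attempts))
```

With `single_use=False` both counters equal the number of attempts; with `single_use=True` each is 1, because the answer and the status flag are cleared as soon as they are used.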


Direct Variant:

CAPTCHA Re-Riding

Also Known As:
CAPTCHA Accumulation

Typical Severity:
Medium
