General Information

Client-side CAPTCHA Logic Abuse

Variants:
Direct 

Also Known As:
Client-side storage and hidden fields, Client-side CAPTCHA Verification

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Session Management, Anti-Automation

Invented In:
01/01/2000

Added In:
19/12/2014


Vector Operation Method:
Bypass an improper implementation of a CAPTCHA in which the answer is stored or verified in the client side


Direct Variant:

Client-side CAPTCHA Logic Abuse

Also Known As:
Client-side storage and hidden fields, Client-side CAPTCHA Verification

Typical Severity:
Medium

Learn More: