General Information

Chosen CAPTCHA Text Abuse

Variants:
Direct 

Also Known As:
Client-generated CAPTCHA, The Chosen CAPTCHA Text attack

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Session Management, Anti-Automation, Secure Design

Invented In:
28/02/2012

Added In:
19/12/2014


Vector Operation Method:
Bypass an improper implementation of a CAPTCHA in which the client-side sends the designated seed value to the CAPTCHA generation service, and thus, already knowing part or all of the answer.


Direct Variant:

Chosen CAPTCHA Text Abuse

Variant Title:
Chosen CAPTCHA Text Abuse

Typical Severity:
Medium

Learn More: