General Information

Chosen CAPTCHA Identifier Abuse

Variants:
Direct 

Also Known As:
Chosen CAPTCHA Identifier

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Session Management, Anti-Automation, Secure Design

Invented In:
28/02/2012

Added In:
19/12/2014


Vector Operation Method:
Bypass an improper implementation of a CAPTCHA in which the client-side causes the new CAPTCHA creation using JS that creates or refers to a new CAPTCHA creation service while providing the generated CAPTCHA identifier to the verification service.


Direct Variant:

Chosen CAPTCHA Identifier Abuse

Variant Title:
Chosen CAPTCHA Identifier Abuse

Typical Severity:
Medium

Learn More: