Limited CAPTCHA Repository Abuse
Variants:
Direct
Also Known As:
Limited Set CAPTCHAs
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Session Management, Anti-Automation, Secure Design
Invented In:
01/01/2000
Added In:
19/12/2014
Vector Operation Method:
Bypass an improper implementation of a CAPTCHA in which the set of challenges is pregenerated and limited and can be enumerated using a reasonable effort, while the CAPTCHA content-signatures could eventually be used to create an answer repository similar to a rainbow table. Examples may include a limited set of challenge images, a small set of predefined questions, etc.
