CVE-2014-9117
Published: Dec 6, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- 71321 (vdb-entry, x_refsource_BID)
- mantisbt-cve20149117-sec-bypass(99004) (vdb-entry, x_refsource_XF)
- [oss-security] 20141126 CVE Request: CAPTCHA bypass in MantisBT (mailing-list, x_refsource_MLIST)
- [oss-security] 20141126 Re: CVE Request: CAPTCHA bypass in MantisBT (mailing-list, x_refsource_MLIST)
- 62101 (third-party-advisory, x_refsource_SECUNIA)
- https://www.mantisbt.org/bugs/view.php?id=17811 (x_refsource_CONFIRM)
- https://github.com/mantisbt/mantisbt/commit/7bb78e45 (x_refsource_CONFIRM)
- DSA-3120 (vendor-advisory, x_refsource_DEBIAN)