Short Description
Bypassing Captcha on Loginpage
Reporting Date
- November 2023
Details
If there are too many incorrect login attempts, a Captcha puzzle is demanded. This request could be bypassed in the process after removing some querystring parameters within the authentication flow.
Impact
Low
References
- Bug Bounty ID: deface-AUDIENCE (Private)
- Internal ID: SEC-1440
❤ Thanks to
Simon Reinhart for reporting the vulnerability.
Short Description
Bypassing Captcha on Loginpage
Reporting Date
Details
If there are too many incorrect login attempts, a Captcha puzzle is demanded. This request could be bypassed in the process after removing some querystring parameters within the authentication flow.
Impact
Low
References
❤ Thanks to
Simon Reinhart for reporting the vulnerability.