Описание
The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."
Ссылки
- Vendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:lanap_botdetect:captcha_asp.net:*:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00746
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."
EPSS
Процентиль: 73%
0.00746
Низкий
5 Medium
CVSS2
Дефекты
CWE-264