General Information

Arithmetic CAPTCHA Abuse

Variants:
Direct 

Also Known As:
Arithmetic CAPTCHA

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Session Management, Anti-Automation, Secure Design

Invented In:
28/02/2012

Added In:
19/12/2014


Vector Operation Method:
Bypass an improper implementation of a CAPTCHA in which the challenge is an arithmetic operation is presented in clear-text, and thus parsed and answered.


Direct Variant:

Arithmetic CAPTCHA Abuse

Variant Title:
Arithmetic CAPTCHA Abuse

Typical Severity:
Medium

Learn More: