Lanap BotDetect APS.NET CAPTCHA组件 访问验证错误漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1194407 漏洞类型 权限许可和访问控制
发布时间 2006-06-23 更新时间 2006-06-23
CVE编号 CVE-2006-2918 CNNVD-ID CNNVD-200606-481
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/18315
https://cxsecurity.com/issue/WLB-2006060143
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-481
|漏洞详情
LanapBotDetectAPS.NETCAPTCHA组件1.5.4.0之前版本将CAPTCHA的UUID和散列储存在页面的ViewState中,远程攻击者通过"未知次数的ViewState重放"来进行自动攻击。
|漏洞EXP
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Symantec Vulnerability Research

http://www.symantec.com/research

Security Advisory

Advisory ID   : SYMSA-2006-005

Advisory Title: Lanap CAPTCHA bypass exposure

Author        : Michael White, michael_white (at) symantec (dot) com [email concealed] and

Graham Murphy, graham_murphy (at) symantec (dot) com [email concealed]

Release Date  : 23-06-2006

Application   : BotDetect Lanap CAPTCHA component

Platform      : ASP.NET

Severity      : Low/Limited exposure

Vendor status : Vendor verified, patch available

CVE Number    : CVE-2006-2918

Reference     : http://www.securityfocus.com/bid/18315

Overview:

The CAPTCHA component for ASP.NET provided by Lanap may be

completely bypassed, thus undermining the security benefit

of the CAPTCHA technology.

Details:

During a consulting engagement, Symantec identified that the

Lanap CAPTCHA component stores the UUID and hash for a given

CAPTCHA within the page ViewState. By replaying the ViewState

for a known number, a remote attacker may avoid the CAPTCHA

entirely.

This behaviour is dependent on the way in which the Lanap

component is integrated, however numerous examples including

Lanap's demo code are identified as exhibiting this behaviour.

Vendor Response:

The above vulnerability has been fixed in the latest release

of the product, BotDetect ASP.NET CAPTCHA 1.5.4.0.

Licensed and evaluation versions of Lanap BotDetect ASP.NET

CAPTCHA	are available for customer download from the Lanap

website at http://www.lanapsoft.com

If there are any further questions about this statement, please

contact Lanap support.

Recommendation:

Upgrade to the latest release of the product,

BotDetect ASP.NET CAPTCHA 1.5.4.0.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned

the following names to these issues.  These are candidates for

inclusion in the CVE list (http://cve.mitre.org), which standardizes

names for security problems.

CVE-2006-2918

- - - - -------Symantec Vulnerability Research Advisory Information-------

For questions about this advisory, or to report an error:

research (at) symantec (dot) com [email concealed]

For details on Symantec's Vulnerability Reporting Policy:

http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Symantec Vulnerability Research Advisory Archive:

http://www.symantec.com/research/

Symantec Vulnerability Research GPG Key:

http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc

- - - - -------------Symantec Product Advisory Information-------------

To Report a Security Vulnerability in a Symantec Product:

secure (at) symantec (dot) com [email concealed]

For general information on Symantec's Product Vulnerability reporting and response:

http://www.symantec.com/security/

Symantec Product Advisory Archive:

http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key:

http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.a
sc

- - - - ---------------------------------------------------------------

Copyright (c) 2006 by Symantec Corp.

Permission to redistribute this alert electronically is granted

as long as it is not edited in any way unless authorized by

Symantec Consulting Services. Reprinting the whole or part of

this alert in any medium other than electronically requires

permission from cs_advisories (at) symantec (dot) com. [email concealed]

Disclaimer

The information in the advisory is believed to be accurate

at the time of publishing based on currently available information.

Use of the information constitutes acceptance for use in an

AS IS condition. There are no warranties with regard to this

information.

Neither the author nor the publisher accepts any liability

for any direct, indirect, or consequential loss or damage

arising from use of, or reliance on, this information.

Symantec, Symantec products, and Symantec Consulting Services

are registered trademarks of Symantec Corp. and/or affiliated

companies in the United States and other countries. All other

registered and unregistered trademarks represented in this

document are the sole property of their respective

companies/owners.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEmZKGuk7IIFI45IARAshOAJ9/x0C9NsmCuo43amlpnOAGKtonPgCg2XPQ

dBEH77ubEwyEjWGaFiTt4bw=

=QhH/

-----END PGP SIGNATURE-----
|受影响的产品
Lanap BotDetect CAPTCHA ASP.NET 0
|参考资料

来源:BID
名称:18315
链接:http://www.securityfocus.com/bid/18315
来源:BUGTRAQ
名称:20060622SYMSA-2006-005
链接:http://www.securityfocus.com/archive/1/archive/1/438159/100/0/threaded
来源:www.symantec.com
链接:http://www.symantec.com/enterprise/research/SYMSA-2006-005.txt
来源:VUPEN
名称:ADV-2006-2518
链接:http://www.frsirt.com/english/advisories/2006/2518
来源:SECUNIA
名称:20830
链接:http://secunia.com/advisories/20830
来源:XF
名称:lanap-botdetect-captcha-security-bypass(27409)
链接:http://xforce.iss.net/xforce/xfdb/27409
来源:SECTRACK
名称:1016371
链接:http://securitytracker.com/id?1016371
来源:SREASON
名称:1139
链接:http://securityreason.com/securityalert/1139