ID CVE-2006-2918 Type cve Reporter cve@mitre.org Modified 2018-10-18T16:43:00
Description
The Lanap BotDetect ASP.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."
Related records

OSVDB:26812 (https://vulners.com/osvdb/OSVDB:26812)
Title: Lanap BotDetect ASP.NET CAPTCHA ViewState Bypass
Published: 2006-06-23T07:19:01, modified: 2006-06-23T07:19:01, last seen: 2017-04-28T13:20:23
CVSS: 5.0 (AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/)
No description provided by the source.
References:
- Secunia Advisory ID 20830: https://secuniaresearch.flexerasoftware.com/advisories/20830/
- Other Advisory URL: http://www.symantec.com/enterprise/research/SYMSA-2006-005.txt
- Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0508.html
- Keyword: SYMSA-2006-005
- CVE-2006-2918: https://vulners.com/cve/CVE-2006-2918
- Bugtraq ID: 18315

SECURITYVULNS:DOC:13320 (https://vulners.com/securityvulns/SECURITYVULNS:DOC:13320)
Title: SYMSA-2006-005
Published: 2006-06-25T00:00:00, modified: 2006-06-25T00:00:00, last seen: 2018-08-31T11:10:18
CVSS: 5.0 (AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/)
Full text of the advisory (PGP signature block omitted):

Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory

Advisory ID   : SYMSA-2006-005
Advisory Title: Lanap CAPTCHA bypass exposure
Author        : Michael White, michael_white@symantec.com and Graham Murphy, graham_murphy@symantec.com
Release Date  : 23-06-2006
Application   : BotDetect Lanap CAPTCHA component
Platform      : ASP.NET
Severity      : Low/Limited exposure
Vendor status : Vendor verified, patch available
CVE Number    : CVE-2006-2918
Reference     : http://www.securityfocus.com/bid/18315

Overview:

The CAPTCHA component for ASP.NET provided by Lanap may be completely bypassed, thus undermining the security benefit of the CAPTCHA technology.

Details:

During a consulting engagement, Symantec identified that the Lanap CAPTCHA component stores the UUID and hash for a given CAPTCHA within the page ViewState. By replaying the ViewState for a known number, a remote attacker may avoid the CAPTCHA entirely.

This behaviour is dependent on the way in which the Lanap component is integrated; however, numerous examples, including Lanap's demo code, are identified as exhibiting this behaviour.

Vendor Response:

The above vulnerability has been fixed in the latest release of the product, BotDetect ASP.NET CAPTCHA 1.5.4.0.

Licensed and evaluation versions of Lanap BotDetect ASP.NET CAPTCHA are available for customer download from the Lanap website at http://www.lanapsoft.com

If there are any further questions about this statement, please contact Lanap support.

Recommendation:

Upgrade to the latest release of the product, BotDetect ASP.NET CAPTCHA 1.5.4.0.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

CVE-2006-2918

-------Symantec Vulnerability Research Advisory Information-------

For questions about this advisory, or to report an error: research@symantec.com

For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Symantec Vulnerability Research Advisory Archive: http://www.symantec.com/research/

Symantec Vulnerability Research GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc

-------------Symantec Product Advisory Information-------------

To Report a Security Vulnerability in a Symantec Product: secure@symantec.com

For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/

Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

---------------------------------------------------------------

Copyright (c) 2006 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from cs_advisories@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.