Twitter: Captcha bypass with extension at

ID H1:15047
Type hackerone
Reporter vineet
Modified 2014-09-22T11:44:52



These days Captchas are one of the most vulnerable methods to protect a website from bots, but there is an extension named Rumola which automatically fills in the Captcha while we fill in other credentials like email etc. Here a vulnerability arises: bots may use this extension's script in their interface to bypass the Captcha check. It may lead to flooding of the database too.

As a possible fix, you can replace the Captcha check with: 1) a honeypot trap, 2) a simple task, or 3) a skill-testing question.
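
A server-side sketch of the honeypot trap suggested above, added here as an illustration; it is not part of the original report and not Twitter's code. It goes beyond the report by also checking a signed render timestamp, and the field names, thresholds and function names are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

HONEYPOT_FIELD = "website"   # hypothetical decoy input, hidden from people with CSS
TOKEN_FIELD = "form_token"   # hypothetical hidden field carrying the signed render time
MIN_FILL_SECONDS = 3         # assumed: a person needs at least this long to fill the form
MAX_AGE_SECONDS = 3600       # assumed: a rendered form stays valid for one hour


def issue_form_token(secret: bytes, now: Optional[float] = None) -> str:
    """Return '<render_time>.<hmac>' to embed in the form when it is rendered."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def check_submission(form: dict, secret: bytes,
                     now: Optional[float] = None) -> Tuple[bool, str]:
    """Decide whether a submitted form looks human. Returns (accepted, reason)."""
    now = time.time() if now is None else now

    # 1) People never see the decoy field, so any value means a script filled it.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot_filled"

    # 2) The token must be one this server issued (constant-time MAC comparison).
    ts, _, mac = form.get(TOKEN_FIELD, "").partition(".")
    expected = hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest()
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad_token"

    # 3) Reject forms sent faster than a person could type, or long after render.
    age = now - int(ts)
    if age < MIN_FILL_SECONDS:
        return False, "too_fast"
    if age > MAX_AGE_SECONDS:
        return False, "expired"
    return True, "ok"
```

Rejected submissions are best logged with the returned reason so the signup rate per reason can be monitored for the database flooding the report describes.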