
AWS CAPTCHA Bypass

27 Apr 2016 | Reported by David Leo | Type: packetstorm | Source: packetstormsecurity.com

AWS CAPTCHA Bypass - Login without CAPTCHA using specific browser and prox

Code
`The process of AWS login has a feature: if you use a "fresh" browser (no cookie, no cache, etc.) to sign in, put correct email and correct password there, CAPTCHA is required ("To better protect your account, please re-enter your password and then enter the characters as they are shown in the image below").  
  
And I accidentally noticed this feature can be easily bypassed:  
  
MY SYSTEM  
Knoppix 7.6.0 on Read-Only USB Stick - always "fresh" upon booting  
Chromium 46 - not the latest  
"US-WEST-2" EC2 Instance as proxy - always the same IP  
  
MY STEPS  
  
1. Use Chromium to visit https://console.aws.amazon.com/  
2. Put correct email and correct password there, and sign in  
3. CAPTCHA is required  
  
4. Clear cookies, cache, etc. in Chromium  
5. Use Chromium under "Lock Browser" (lockbrowser.com) with "txt/https-whitelist.txt" configured as the following:  
----------  
amazon.com  
d3rrzw75sdtfe5.cloudfront.net  
d3a94n0r6dqtjm.cloudfront.net  
d2q66yyjeovezo.cloudfront.net  
d3rn69q7afuxu6.cloudfront.net  
d257l1zb7u5fh9.cloudfront.net  
----------  
6. Visit https://console.aws.amazon.com/ ... it should be an ugly page because CSS etc. fail to load.  
7. Put correct email and correct password there, and sign in  
8. CAPTCHA is NOT required  
  
ABOUT  
I noticed this weird thing because I'm super lazy - don't add domains to whitelist if it works. Later, I thought, "oops, CAPTCHA is gone". Of course, I contacted Amazon, and they said it's not a bug.  
  
REQUEST FOR COMMENT  
1. Can you reproduce this?  
2. Is this thing a bug or not?  
  
Kind Regards,  
  
  
  
`
