3 matches found
EUVD-2008-2017
Malware in sbrugna...
Design/Logic Flaw
Simple Machines Forum SMF, probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file aka audio CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists...
CVE-2007-3308
The CVE-2007-3308 entry concerns Simple Machines Forum (SMF) version 1.1.2, where the WAV file CAPTCHA is created by a concatenation method with insufficient randomization. This flaw allows remote attackers to bypass the CAPTCHA via automated brute-force attempts. The provided records indicate no...