SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Lanap BotDetect Vendors:   Lanap
Lanap BotDetect CAPTCHAs Can Be Bypassed By Remote Users
SecurityTracker Alert ID:  1016371
SecurityTracker URL:  http://securitytracker.com/id/1016371
CVE Reference:   CVE-2006-2918   (Links to External Site)
Date:  Jun 24 2006
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): BotDetect ASP.NET CAPTCHA component prior to 1.5.4.0
Description:   A vulnerability was reported in Lanap BotDetect. The CAPTCHAs can be bypassed.

A remote user can replay a previous ViewState parameter value to bypass the CAPTCHA entirely.

The specific impact depends on how the CAPTCHA component is integrated with the system.

Michael White and Graham Murphy of Symantec Research discovered this vulnerability.

Impact:   A remote user can bypass the CAPTCHA.
Solution:   The vendor has issued a fixed version of the BotDetect ASP.NET CAPTCHA (1.5.4.0).
Vendor URL:  www.lanapsoft.com/ (Links to External Site)
Cause:   Authentication error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  SYMSA-2006-005

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1


Symantec Vulnerability Research


http://www.symantec.com/research

Security Advisory


Advisory ID   : SYMSA-2006-005

Advisory Title: Lanap CAPTCHA bypass exposure

Author        : Michael White, michael_white@symantec.com and

		Graham Murphy, graham_murphy@symantec.com

Release Date  : 23-06-2006

Application   : BotDetect Lanap CAPTCHA component

Platform      : ASP.NET

Severity      : Low/Limited exposure

Vendor status : Vendor verified, patch available

CVE Number    : CVE-2006-2918

Reference     : http://www.securityfocus.com/bid/18315



Overview:


	The CAPTCHA component for ASP.NET provided by Lanap may be

	completely bypassed, thus undermining the security benefit

	of the CAPTCHA technology.



Details:


	During a consulting engagement, Symantec identified that the

	Lanap CAPTCHA component stores the UUID and hash for a given

	CAPTCHA within the page ViewState. By replaying the ViewState

	for a known number, a remote attacker may avoid the CAPTCHA

	entirely.


	This behaviour is dependent on the way in which the Lanap

	component is integrated, however numerous examples including

	Lanap's demo code are identified as exhibiting this behaviour.



Vendor Response:


	The above vulnerability has been fixed in the latest release

	of the product, BotDetect ASP.NET CAPTCHA 1.5.4.0.


	Licensed and evaluation versions of Lanap BotDetect ASP.NET

	CAPTCHA	are available for customer download from the Lanap

	website at http://www.lanapsoft.com


	If there are any further questions about this statement, please

	contact Lanap support.


Recommendation:


	Upgrade to the latest release of the product,

	BotDetect ASP.NET CAPTCHA 1.5.4.0.



Common Vulnerabilities and Exposures (CVE) Information:


The Common Vulnerabilities and Exposures (CVE) project has assigned

the following names to these issues.  These are candidates for

inclusion in the CVE list (http://cve.mitre.org), which standardizes

names for security problems.



  CVE-2006-2918


- - - - -------Symantec Vulnerability Research Advisory Information-------


For questions about this advisory, or to report an error:

research@symantec.com


For details on Symantec's Vulnerability Reporting Policy:

http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf


Symantec Vulnerability Research Advisory Archive:

http://www.symantec.com/research/


Symantec Vulnerability Research GPG Key:

http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc


- - - - -------------Symantec Product Advisory Information-------------


To Report a Security Vulnerability in a Symantec Product:

secure@symantec.com


For general information on Symantec's Product Vulnerability reporting and response:

http://www.symantec.com/security/


Symantec Product Advisory Archive:

http://www.symantec.com/avcenter/security/SymantecAdvisories.html


Symantec Product Advisory PGP Key:

http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc


- - - - ---------------------------------------------------------------


Copyright (c) 2006 by Symantec Corp.

Permission to redistribute this alert electronically is granted

as long as it is not edited in any way unless authorized by

Symantec Consulting Services. Reprinting the whole or part of

this alert in any medium other than electronically requires

permission from cs_advisories@symantec.com.


Disclaimer

The information in the advisory is believed to be accurate

at the time of publishing based on currently available information.

Use of the information constitutes acceptance for use in an

AS IS condition. There are no warranties with regard to this

information.

Neither the author nor the publisher accepts any liability

for any direct, indirect, or consequential loss or damage

arising from use of, or reliance on, this information.


Symantec, Symantec products, and Symantec Consulting Services

are registered trademarks of Symantec Corp. and/or affiliated

companies in the United States and other countries. All other

registered and unregistered trademarks represented in this

document are the sole property of their respective

companies/owners.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.2.2 (GNU/Linux)


iD8DBQFEmZKGuk7IIFI45IARAshOAJ9/x0C9NsmCuo43amlpnOAGKtonPgCg2XPQ

dBEH77ubEwyEjWGaFiTt4bw=

=QhH/

-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC