oss-sec mailing list archives
Re: CVE Request: CAPTCHA bypass in MantisBT
From: cve-assign () mitre org
Date: Wed, 26 Nov 2014 23:12:25 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd https://www.mantisbt.org/bugs/view.php?id=17811
Use session rather than form key for captcha
Use CVE-2014-9117. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUdqMOAAoJEKllVAevmvmszB4IAJoBUTi5IJUsPH65tiLEjH4k 6YR4uZ7FJNy6lhDa5r0IwD6CfWcksgyvj3oPdI1SBp8308H8WpT+QaXzaSQxVlEy QOOf8AztSjIR+PHNJZmzEFxp5J3WVsKq53UbIa0u83WwhencGohGNwABujR28A/X 2ARnctHzt8+YEUyhLTcAsYqAzgusvozVuN4sGiIdBwXRMzO6y+bbtqhe+nplBSbs LY0r8pfz1Zvlz2sRaq73ySBSGhWKtF2FRoirvbuEPkwg+VlUaFT//nnWm06IfOF9 3u5F2jpRsb95OX9U6+OlPYxqZyTsI7P4840ZAarDBMgwHc1BVGTfbfprjxDKSco= =Tmxs -----END PGP SIGNATURE-----
Current thread:
- CVE Request: CAPTCHA bypass in MantisBT Damien Regad (Nov 26)
- Re: CVE Request: CAPTCHA bypass in MantisBT cve-assign (Nov 26)