Authentication Bypass by Spoofing
CVE-2017-11717
Summary
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
References
Advisory Timeline
- Published