Read Time:27 Second
Description
The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Access Control, Other: Bypass Protection Mechanism, Other
When authorization, authentication, or another protection mechanism relies on CAPTCHA entities to ensure that only human actors can access certain functionality, then an automated attacker such as a bot may access the restricted functionality by guessing the CAPTCHA.
Potential Mitigations
CVE References