First published: Sat Dec 06 2014(Updated: )
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mantisbt Mantisbt | <=1.2.17 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.