Possible vulnerability in JCAPTCHA Audio

Description

JCaptcha always generates the same sound file. That is, for example, the number 3408, always gives a .wav sound file wich is exactly the same sound. So it is trivial so map all the entire range of posssible captcha sounds and thus the attacker does not need to "listen" the file, just a script that downloads the sound file, check it's hash and find what number is associated with that hash. So automated attacks to bypass the captcha are trivial...

Environment

Unknown

Activity

Show:

AntoineV

December 15, 2009, 11:33 AM

Copy link to comment

I think you are right. It will be fixed in the next release

Jay Zenner

May 22, 2012, 4:47 PM

Copy link to comment

Has this issue been fixed?

Assignee

Unassigned

Reporter

hugo vazquez

Labels

None

Fix versions

2.0-alpha-2

Affects versions

1.0

Priority

Critical

Configure