JVNDB-2015-000030

Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass

Overview

Google Captcha (reCAPTCHA) by BestWebSoft is a plugin for WordPress. Google Captcha (reCAPTCHA) by BestWebSoft contains a CAPTCHA authentication bypass vulnerability (CWE-254).
CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


BestWebSoft
  • Google Captcha (reCAPTCHA) by BestWebSoft V1.12 and earlier

Impact

If this vulnerability is exploited, an attacker may be able to successfully log in to WordPress and access an administrative interface without authentication.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.
Vendor Information

BestWebSoft
CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2015-0890
References

  1. JVN : JVN#55063777
  2. National Vulnerability Database (NVD) : CVE-2015-0890
Revision History

  • [2015/03/03] Web page was published
  • [2015/03/04] References: Content was added