The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."
References
Configurations
History
No history.
Information
Published : 2006-06-23 21:06
Updated : 2024-02-28 10:42
NVD link : CVE-2006-2918
Mitre link : CVE-2006-2918
CVE.ORG link : CVE-2006-2918
JSON object : View
Products Affected
lanap_botdetect
- captcha_asp.net
CWE
CWE-264
Permissions, Privileges, and Access Controls