
CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 2

Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip.

The Peter's Math Anti-Spam Spinoff plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to 1.0.0. This is due to the plugin generating audio CAPTCHA clips by concatenating static audio files without any additional distortion. This makes it possible for unauthenticated attackers to bypass the CAPTCHA verification by reading certain bytes from the generated clip.

• https://www.exploit-db.com/exploits/31029
• http://docs.google.com/View?docid=df36cd52_19xzmkwqcg
• http://www.securityfocus.com/archive/1/486331/100/200/threaded
• http://www.securityfocus.com/bid/27287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39688

• CWE-264: Permissions, Privileges, and Access Controls
• CWE-804: Guessable CAPTCHA