Published: 2006-06-23 17:06:00
Revised: 2017-07-19 21:31:53

[Original] The Lanap BotDetect ASP.NET CAPTCHA component before stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."

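[CNNVD] Lanap BotDetect ASP.NET CAPTCHA component access validation error vulnerability (CNNVD-200606-481)

        Versions of the Lanap BotDetect ASP.NET CAPTCHA component before 1.5.4.0 store the CAPTCHA's UUID and hash in the page's ViewState, and remote attackers can carry out automated attacks by "replaying the ViewState an unknown number of times."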

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (weakness category)

CWE-264 [Permissions, Privileges, and Access Controls]

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(PATCH)  BUGTRAQ  20060622 SYMSA-2006-005
(PATCH)  BID  18315
(UNKNOWN)  XF  lanap-botdetect-captcha-security-bypass(27409)

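- Vulnerability information

Lanap BotDetect ASP.NET CAPTCHA component access validation error vulnerability
Medium  Access validation error
2006-06-23 00:00:00 2006-06-30 00:00:00
        Versions of the Lanap BotDetect ASP.NET CAPTCHA component before 1.5.4.0 store the CAPTCHA's UUID and hash in the page's ViewState, and remote attackers can carry out automated attacks by "replaying the ViewState an unknown number of times."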

- Advisories and patches

        The vendor has released version 1.5.4.0 of BotDetect CAPTCHA ASP.NET to address this issue.

- Vulnerability information (F47765)

SYMSA-2006-005.txt (PacketStormID:F47765)
2006-06-27 00:00:00

Symantec Vulnerability Research Security Advisory SYMSA-2006-005 - The CAPTCHA component for ASP.NET provided by Lanap may be completely bypassed, thus undermining the security benefit of the CAPTCHA technology.


Symantec Vulnerability Research
Security Advisory

Advisory ID   : SYMSA-2006-005
Advisory Title: Lanap CAPTCHA bypass exposure
Author        : Michael White, and
		Graham Murphy,
Release Date  : 23-06-2006
Application   : BotDetect Lanap CAPTCHA component
Platform      : ASP.NET
Severity      : Low/Limited exposure
Vendor status : Vendor verified, patch available
CVE Number    : CVE-2006-2918
Reference     :


	The CAPTCHA component for ASP.NET provided by Lanap may be
	completely bypassed, thus undermining the security benefit
	of the CAPTCHA technology.


	During a consulting engagement, Symantec identified that the
	Lanap CAPTCHA component stores the UUID and hash for a given
	CAPTCHA within the page ViewState. By replaying the ViewState
	for a known number, a remote attacker may avoid the CAPTCHA

	This behaviour is dependent on the way in which the Lanap
	component is integrated, however numerous examples including
	Lanap's demo code are identified as exhibiting this behaviour.

Vendor Response:

	The above vulnerability has been fixed in the latest release
	of the product, BotDetect ASP.NET CAPTCHA

	Licensed and evaluation versions of Lanap BotDetect ASP.NET
	CAPTCHA	are available for customer download from the Lanap
	website at

	If there are any further questions about this statement, please
	contact Lanap support.


	Upgrade to the latest release of the product,

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (, which standardizes
names for security problems.



Copyright (c) 2006 by Symantec Corp.
Permission to redistribute this alert electronically is granted
as long as it is not edited in any way unless authorized by
Symantec Consulting Services. Reprinting the whole or part of
this alert in any medium other than electronically requires
permission from

The information in the advisory is believed to be accurate
at the time of publishing based on currently available information.
Use of the information constitutes acceptance for use in an
AS IS condition. There are no warranties with regard to this
Neither the author nor the publisher accepts any liability
for any direct, indirect, or consequential loss or damage
arising from use of, or reliance on, this information.

Symantec, Symantec products, and Symantec Consulting Services
are registered trademarks of Symantec Corp. and/or affiliated
companies in the United States and other countries. All other
registered and unregistered trademarks represented in this
document are the sole property of their respective
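
The weakness described in the advisory above, modelled in Python as an added example (not code from Lanap, Symantec or this page). The hash construction, function names and sample answer are assumptions; the model shows that a verifier holding no server-side state accepts the same page state and answer every time, while a single-use server-side record does not.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumed: stands in for a page-state integrity key

def _tag(challenge_id: str, answer: str) -> str:
    msg = f"{challenge_id}:{answer}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

# Weak design: everything needed to check the answer travels in the page state.
def issue_stateless(answer: str) -> dict:
    cid = secrets.token_hex(16)
    return {"id": cid, "hash": _tag(cid, answer)}  # sent to the client with the form

def verify_stateless(state: dict, submitted: str) -> bool:
    # An integrity tag proves the state is genuine, not that it is fresh.
    return hmac.compare_digest(state["hash"], _tag(state["id"], submitted))

# Hardened design: the answer stays on the server and each challenge is single-use.
class ChallengeStore:
    def __init__(self, ttl: float = 120.0):
        self.ttl = ttl
        self._pending = {}  # challenge id -> (answer, expiry time)

    def issue(self, answer: str, now: float = None) -> str:
        now = time.time() if now is None else now
        cid = secrets.token_hex(16)
        self._pending[cid] = (answer, now + self.ttl)
        return cid  # only the opaque id goes to the client

    def verify(self, cid: str, submitted: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        record = self._pending.pop(cid, None)  # consumed on first attempt, right or wrong
        if record is None:
            return False
        answer, expires = record
        return now <= expires and hmac.compare_digest(answer.encode(), submitted.encode())

def demo():
    answer = "48213"  # constructed sample answer
    state = issue_stateless(answer)
    stateless = [verify_stateless(state, answer) for _ in range(3)]
    store = ChallengeStore()
    cid = store.issue(answer)
    stateful = [store.verify(cid, answer) for _ in range(3)]
    return stateless, stateful

if __name__ == "__main__":
    print(demo())
```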


- Vulnerability information

Lanap BotDetect ASP.NET CAPTCHA ViewState Bypass

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-06-23 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Lanap BotDetect CAPTCHA ASP.NET Bypass Weakness
Access Validation Error 18315
Yes No
2006-06-23 12:00:00 2006-06-23 08:25:00
Michael White and Graham Murphy are credited with the discovery of this issue.

- Affected program versions

Lanap BotDetect CAPTCHA ASP.NET 0
Lanap BotDetect CAPTCHA ASP.NET 1.5.4.0

- Unaffected program versions

Lanap BotDetect CAPTCHA ASP.NET 1.5.4.0

- Vulnerability discussion

Lanap BotDetect is prone to a weakness that may allow attackers to bypass the CAPTCHA mechanism.

Exploiting this issue may aid malicious users in further attacks. The specific impact of exploiting this issue depends on the particular service that the software is employed to protect.

BotDetect CAPTCHA ASP.NET versions prior to are affected by this issue.

- Exploit

Attackers use standard network utilities to exploit this issue.

- Solution

The vendor has released version of BotDetect CAPTCHA ASP.NET to address this issue.

- Related references