OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-804 WSTG-ATHN-03

CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart, a type of challenge-response test that a web application uses to decide whether a request comes from a human. Many applications rely on a CAPTCHA image as a security control. On its own, a CAPTCHA is a weak security mechanism: it is best treated as a form of rate limiting that raises the cost of automated requests, not as a barrier that stops them. Common image CAPTCHAs can be broken by OCR-based solvers or by online solving services, so any control that depends on the CAPTCHA alone (for example, brute-force protection on a login form) can be bypassed.


The impact includes:-

  • Automated abuse of the function the CAPTCHA was meant to protect, such as brute-force or credential-stuffing attempts against a login form or bulk account registration, once a bot or solving service answers or bypasses the challenge.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Store nothing about the CAPTCHA on the client side except the image itself. Keep the expected answer in server-side session state, tied to an opaque challenge identifier.
  • Do not let the client control the CAPTCHA content. The challenge text, the expected answer and the verification result must all be chosen and checked by the server, never taken from a hidden form field or cookie.
  • Always generate images randomly, with enough distortion and noise that they cannot be reliably solved by automated preprocessing, segmentation and classification.
  • Never reuse a CAPTCHA image or challenge. Each challenge should be valid for a single verification attempt, a short time window and a bounded number of wrong answers.
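The following is an added example, not code from the original page or from Beagle, showing the server-side handling the recommendations above call for. It contrasts an anti-pattern (the expected answer is sent to the client in a hidden field, so the client controls the challenge) with a hardened version that keeps the answer in server-side state keyed by an opaque token, expires it, caps wrong answers and makes each challenge single-use. The in-process dictionary standing in for a server-side session store, the constant values, and the `render_image` placeholder for a real image renderer are assumptions for the example.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 300      # seconds a challenge stays valid (assumed value)
MAX_ATTEMPTS = 3         # wrong answers allowed per challenge (assumed value)
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # no 0/O or 1/I look-alikes


def new_answer(length=6):
    """Random challenge text drawn from a CSPRNG, so images are never predictable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def render_image(answer):
    """Hypothetical stand-in for a real renderer that draws `answer` with random
    fonts, rotation and noise. Its output is the only thing sent to the client;
    this placeholder deliberately does not embed the answer text."""
    return b"PNG-STANDIN:" + secrets.token_bytes(8)


class VulnerableCaptcha:
    """Anti-pattern the list above warns against: the reference answer is handed
    to the client in a hidden field, so the client controls the challenge."""

    def issue(self):
        answer = new_answer()
        return {"image": render_image(answer), "expected": answer}  # leaks answer

    def verify(self, form):
        # Compares two client-supplied values; a bot just submits expected == response.
        return hmac.compare_digest(form.get("expected", ""), form.get("response", ""))


class ServerSideCaptcha:
    """Hardened version: only an opaque token and the image leave the server."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be exercised offline
        self._store = {}         # token -> {"answer", "expires", "attempts"} (assumed
                                 # stand-in for a server-side session/cache)

    def issue(self):
        self._purge_expired()
        answer = new_answer()
        token = secrets.token_urlsafe(32)
        self._store[token] = {"answer": answer,
                              "expires": self._now() + CHALLENGE_TTL,
                              "attempts": 0}
        return {"token": token, "image": render_image(answer)}

    def verify(self, token, response):
        entry = self._store.get(token)
        if entry is None:
            return False                      # forged, expired, consumed or unknown token
        if self._now() > entry["expires"]:
            del self._store[token]
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["answer"], str(response).strip().upper())
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self._store[token]            # single use, and a cap on guessing
        return ok

    def _purge_expired(self):
        now = self._now()
        for tok in [t for t, e in self._store.items() if now > e["expires"]]:
            del self._store[tok]


def demo():
    """Exercises both implementations and reports which attacks succeed."""
    results = {}
    weak = VulnerableCaptcha()
    weak.issue()
    # Client never looks at the image: it sets both fields to the same string.
    results["vulnerable_bypassed"] = weak.verify({"expected": "ZZZZZZ", "response": "ZZZZZZ"})

    clock = [1000.0]
    strong = ServerSideCaptcha(now=lambda: clock[0])
    chal = strong.issue()
    answer = strong._store[chal["token"]]["answer"]   # demo-only peek at server state
    results["client_controlled_rejected"] = strong.verify("forged-token", answer)
    results["correct_accepted"] = strong.verify(chal["token"], answer.lower())
    results["replay_rejected"] = strong.verify(chal["token"], answer)

    chal2 = strong.issue()
    answer2 = strong._store[chal2["token"]]["answer"]
    for _ in range(MAX_ATTEMPTS):
        strong.verify(chal2["token"], "......")       # '.' is never in ALPHABET
    results["lockout_rejected"] = strong.verify(chal2["token"], answer2)

    chal3 = strong.issue()
    answer3 = strong._store[chal3["token"]]["answer"]
    clock[0] += CHALLENGE_TTL + 1
    results["expired_rejected"] = strong.verify(chal3["token"], answer3)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The token returned by `issue()` is the only thing the client echoes back; it identifies server-side state but carries no information about the answer, so tampering with the form gains nothing. Deleting the entry on success or after `MAX_ATTEMPTS` wrong answers is what makes the challenge single-use and keeps the CAPTCHA functioning as the rate limiter it is best suited to be.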

