Captcha Image Detected

By
Nash N Sulthan
Published on
02 Jul 2018

CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a type of challenge-response test that a web application uses to determine whether or not the user is human, and many servers rely on a CAPTCHA image as a security mechanism. On its own, CAPTCHA protection is an ineffective security control; its best use is as a form of rate limiting. Current CAPTCHA systems can be easily cracked by online solving services.

Impact

The impact includes:

  • Insecure application

Mitigation / Precaution

Beagle recommends the following fixes:

  • Do not store any CAPTCHA information other than the image on the client side.
  • Do not give the client any control over the CAPTCHA content.
  • Always generate CAPTCHA images randomly, in a way that resists automated image preprocessing, segmentation and classification.
  • Do not reuse CAPTCHA images.
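
One way to implement the first, second and fourth recommendations on the server side, as an added example in Python (not code from the original advisory or from Beagle's product): the expected answer never leaves the server, the client only holds an opaque token, and each challenge is consumed on its first verification attempt. The in-memory store, the 120 second lifetime and the character alphabet are assumptions for this illustration.

```python
import hmac
import secrets
import time

# Constructed in-memory store: token -> (expected answer, expiry time).
# A real deployment would keep this in a server-side session store or cache
# shared by all application instances (assumption), never in a hidden field
# or cookie that the client can read or rewrite.
_PENDING = {}

TTL_SECONDS = 120
# Characters that are hard to confuse with each other (no 0/O, 1/I).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def issue_challenge(length=6, now=None):
    """Create a fresh, random challenge.

    Returns (token, answer). Only the token is sent to the client, together
    with the rendered image; the answer goes to the image renderer only and
    must never appear in the response body, a form field or a cookie.
    """
    now = time.time() if now is None else now
    answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
    token = secrets.token_urlsafe(32)          # opaque, unguessable reference
    _PENDING[token] = (answer, now + TTL_SECONDS)
    return token, answer


def verify(token, submitted, now=None):
    """Single-use verification of a client's answer.

    The token is removed on the first attempt, right or wrong, so a solved
    image cannot be replayed and a wrong guess cannot be retried against
    the same image. Expired challenges are rejected as well.
    """
    now = time.time() if now is None else now
    entry = _PENDING.pop(token, None)          # consume, even if unknown
    if entry is None:
        return False
    expected, expires_at = entry
    if now > expires_at:
        return False
    # Constant-time comparison; normalise case so users need not match it.
    candidate = submitted.strip().upper().encode()
    return hmac.compare_digest(expected.encode(), candidate)
```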

Written by
Nash N Sulthan
Cyber Security Lead Engineer