Captcha and Textimage Modules for Drupal Security Validation Bypass Vulnerability

A vulnerability has been identified in Captcha and Textimage (modules for Drupal) that could be exploited by remote attackers to bypass security restrictions. The issue is caused by an input validation error when processing certain responses, which could allow attackers or automated systems to bypass the captcha validation and post arbitrary data.


Affected Products
Captcha (module for Drupal) versions prior to 4.7.x-1.2
Captcha (module for Drupal) versions prior to 5.x-1.1
Textimage (module for Drupal) versions prior to 4.7.x-1.2
Textimage (module for Drupal) versions prior to 5.x-1.1


Solution
Upgrade to Captcha version 4.7.x-1.2 or 5.x-1.1:
http://drupal.org/project/captcha


Upgrade to Textimage version 4.7.x-1.2 or 5.x-1.1:
http://drupal.org/project/textimage


References
http://www.frsirt.com/english/advisories/2007/0431
http://drupal.org/node/114364
http://drupal.org/node/114519
