Numeric captcha not reliable
Hi Dev,
(Sorry for my bad English)
I am a developer and cracker. While hunting for a reliable WordPress secure login captcha plugin, I found yours. I was able to reverse engineer the numeric captcha where you save your info as a hidden field. The problem here is that when I visit manually first, I will be able to calculate the answer and note down the hidden field values for “aiowps-captcha-string-info” and “aiowps-captcha-temp-string”. Later I will be able to hit the website with the known captcha values using a curl request to find out the username and password (brute force algorithm), with the result that your captcha will be totally ignored.
i.e.:
Field Value
aiowps-captcha-string-info MTQxOTg0MzkwMTJjNG1ydjZtOXRmbW1vb3hrcmo3MTA=
aiowps-captcha-temp-string 1419843901
aiowps-captcha-answer 10
I will use the above field values to break the captcha.
I really loved the idea of Cookie Based Brute Force Login, but when I thought of using this plugin I found a tiny loophole in the captcha.
https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/
- The topic ‘Numeric captcha not reliable’ is closed to new replies.
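
The weakness reported above comes down to a captcha check that can be passed again with form values that were solved once. As an added example (not part of the original post and not the plugin's code; the class and method names are hypothetical, the in-memory array stands in for a real server-side store, and PHP 8 or later is assumed), one way to make each challenge single-use so that resubmitted values are rejected:

```php
<?php
// Added example, not the plugin's code. Class and method names are hypothetical.
// The expected answer lives only on the server and is consumed on first use,
// so a solved set of form values cannot be submitted a second time.

final class SingleUseCaptcha
{
    /** @var array<string, array{answer:int, expires:int}> challenge id => state */
    private array $pending = [];   // stand-in for a server-side store (session, DB row, cache)

    public function __construct(private int $ttlSeconds = 300) {}

    /** Create a challenge; only the opaque id and the question go to the browser. */
    public function issue(int $now): array
    {
        $a = random_int(1, 9);
        $b = random_int(1, 9);
        $id = bin2hex(random_bytes(16));          // unguessable, carries no answer data
        $this->pending[$id] = ['answer' => $a + $b, 'expires' => $now + $this->ttlSeconds];
        return ['id' => $id, 'question' => "$a + $b"];
    }

    /** Verify once: the challenge is deleted before the answer is compared. */
    public function verify(string $id, string $answer, int $now): bool
    {
        if (!isset($this->pending[$id])) {
            return false;                          // unknown id, or already used
        }
        $state = $this->pending[$id];
        unset($this->pending[$id]);                // consume on every attempt, right or wrong
        if ($now > $state['expires']) {
            return false;                          // challenge is too old
        }
        return ctype_digit($answer) && (int) $answer === $state['answer'];
    }
}

// Constructed walk-through: solve one challenge, then submit the same values twice.
$captcha   = new SingleUseCaptcha();
$now       = time();
$challenge = $captcha->issue($now);
[$x, $y]   = array_map('intval', explode(' + ', $challenge['question']));
$solved    = (string) ($x + $y);

var_dump($captcha->verify($challenge['id'], $solved, $now));   // first use of the values
var_dump($captcha->verify($challenge['id'], $solved, $now));   // identical values submitted again
```

Because the challenge is deleted on every verification attempt, each login attempt needs a freshly issued and freshly solved challenge.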