Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for base64captcha by mojotv

    CVE-2023-45292 (GCVE-0-2023-45292)

    Vulnerability from nvd – Published: 2023-12-11 21:51 – Updated: 2024-08-02 20:21
    VLAI
    Title
    Captcha verification bypass in github.com/mojocn/base64Captcha
    Summary
    When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.
    Severity
    No CVSS data available.
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Go
    Impacted products
    Credits
    @cangkuai
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:15.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mojocn/base64Captcha/issues/120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2386"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "github.com/mojocn/base64Captcha",
              "product": "github.com/mojocn/base64Captcha",
              "programRoutines": [
                {
                  "name": "memoryStore.Verify"
                }
              ],
              "vendor": "github.com/mojocn/base64Captcha",
              "versions": [
                {
                  "lessThan": "1.3.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "@cangkuai"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305: Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-11T21:51:16.055Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://github.com/mojocn/base64Captcha/issues/120"
            },
            {
              "url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
            },
            {
              "url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2386"
            }
          ],
          "title": "Captcha verification bypass in github.com/mojocn/base64Captcha"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-45292",
        "datePublished": "2023-12-11T21:51:16.055Z",
        "dateReserved": "2023-10-06T17:06:26.221Z",
        "dateUpdated": "2024-08-02T20:21:15.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45292 (GCVE-0-2023-45292)

    Vulnerability from cvelistv5 – Published: 2023-12-11 21:51 – Updated: 2024-08-02 20:21
    VLAI
    Title
    Captcha verification bypass in github.com/mojocn/base64Captcha
    Summary
    When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.
    Severity
    No CVSS data available.
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Go
    Impacted products
    Credits
    @cangkuai
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:15.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mojocn/base64Captcha/issues/120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2386"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "github.com/mojocn/base64Captcha",
              "product": "github.com/mojocn/base64Captcha",
              "programRoutines": [
                {
                  "name": "memoryStore.Verify"
                }
              ],
              "vendor": "github.com/mojocn/base64Captcha",
              "versions": [
                {
                  "lessThan": "1.3.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "@cangkuai"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305: Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-11T21:51:16.055Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://github.com/mojocn/base64Captcha/issues/120"
            },
            {
              "url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
            },
            {
              "url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2386"
            }
          ],
          "title": "Captcha verification bypass in github.com/mojocn/base64Captcha"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-45292",
        "datePublished": "2023-12-11T21:51:16.055Z",
        "dateReserved": "2023-10-06T17:06:26.221Z",
        "dateUpdated": "2024-08-02T20:21:15.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }