A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) by breaking the solving logic, using human-assisted solving services, or utilizing automated technology.
- Threat actor fills out a feedback form with the wrong captcha
- Server sends a request to answer the captcha correctly
- Threat actor fills out the feedback form with a null captcha
- Server does not handle null properly and continues to process the request
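
The null-handling flaw in the steps above, next to a fail-closed check, as an added example that is not taken from any real application. The function names, the `captcha_answer` session key, the `captcha` form field and the sample answer are all constructed for illustration.

```python
import hmac

def verify_captcha_weak(session, submitted):
    """Flawed check: the comparison only runs when a value was submitted."""
    if submitted and submitted != session.get("captcha_answer"):
        return False
    return True  # a null, empty or missing field falls through as success

def verify_captcha_strict(session, submitted):
    """Fail-closed check: anything other than the exact expected string fails."""
    # The challenge is single use: discard it whether or not the answer is right.
    expected = session.pop("captcha_answer", None)
    if not isinstance(expected, str) or not expected:
        return False  # no challenge was issued for this session
    if not isinstance(submitted, str) or not submitted:
        return False  # null, missing, empty or wrong-typed input
    # Constant-time comparison of the two answers.
    return hmac.compare_digest(submitted.encode("utf-8"), expected.encode("utf-8"))

def handle_feedback(session, form, verify):
    """Return an HTTP-style status code for one feedback form submission."""
    if not verify(session, form.get("captcha")):
        return 400  # reject and require a new challenge
    return 200      # request is processed

def demo():
    """Run the same four constructed submissions through both checks."""
    forms = [
        {"captcha": "wrong"},   # wrong answer
        {"captcha": None},      # explicit null
        {},                     # field omitted entirely
        {"captcha": "x7kq2"},   # correct answer
    ]
    results = {}
    for name, verify in (("weak", verify_captcha_weak),
                         ("strict", verify_captcha_strict)):
        statuses = []
        for form in forms:
            session = {"captcha_answer": "x7kq2"}  # constructed challenge state
            statuses.append(handle_feedback(session, form, verify))
        results[name] = statuses
    return results

if __name__ == "__main__":
    print(demo())
```

The strict version also consumes the challenge on every attempt, so a solved captcha cannot be replayed for a second request.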
Varies
- Perform unauthorized action
- Different captcha
- Device fingerprinting