CWE-804 - Guessable CAPTCHA
CWE-804
- Abstraction: Base
- Structure: Simple
- Status: Incomplete
- Weakness Name
Guessable CAPTCHA
- Description
The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.
An automated attacker could bypass the intended protection of the CAPTCHA challenge and perform actions at a higher frequency than humanly possible, such as launching spam attacks. There can be several different causes of a guessable CAPTCHA:
- Common Consequences
Scope: Access Control, Other
Impact: Bypass Protection Mechanism, Other
Notes: When authorization, authentication, or another protection mechanism relies on CAPTCHA entities to ensure that only human actors can access certain functionality, then an automated attacker such as a bot may access the restricted functionality by guessing the CAPTCHA.
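One case of "the challenge can be guessed" from the description is an answer space so small or skewed that a fixed guess passes often. The following is an added example, not part of the CWE entry: it samples a challenge generator and estimates that pass rate. The two generators, the sample size and the 1-in-1000 threshold are constructed assumptions, and the audit covers blind guessing only, not automatic recognition of an image or audio challenge.

```python
import math
import random
import string
from collections import Counter

SAMPLES = 200_000  # constructed sample size; the estimate cannot exceed log2(SAMPLES) bits


def arithmetic_captcha(rng):
    """Constructed weak generator: 'a + b' over single digits, so answers are 0..18."""
    a, b = rng.randrange(10), rng.randrange(10)
    return f"What is {a} + {b}?", str(a + b)


def random_text_captcha(rng, length=6):
    """Constructed comparison: answer drawn uniformly from 36**length strings."""
    alphabet = string.ascii_lowercase + string.digits
    return "<rendered image>", "".join(rng.choice(alphabet) for _ in range(length))


def audit(generator, samples=SAMPLES, seed=0):
    """Sample the generator and estimate how often one fixed blind guess would pass."""
    rng = random.Random(seed)
    counts = Counter(generator(rng)[1] for _ in range(samples))
    top_answer, top_count = counts.most_common(1)[0]
    rate = top_count / samples
    return {
        "distinct_answers": len(counts),
        "most_common_answer": top_answer,
        "blind_guess_rate": rate,
        "min_entropy_bits": -math.log2(rate),
    }


def is_guessable(report, max_rate=0.001):
    """Assumed policy threshold: fail if a fixed guess passes more than 1 in 1000 times."""
    return report["blind_guess_rate"] > max_rate


if __name__ == "__main__":
    for gen in (arithmetic_captcha, random_text_captcha):
        report = audit(gen)
        print(gen.__name__, report, "GUESSABLE" if is_guessable(report) else "ok")
```

For the random-text generator the reported min-entropy is a lower bound limited by the sample size, so a pass here shows only that no answer dominated the sample.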
- Related Weaknesses
- Release Date: 2010-02-16
- Latest Modification Date: 2023-10-26