Is reCAPTCHA vulnerable to session replay?


Cycnus

May 31, 2007, 3:18:48 AM
to reCAPTCHA
As described in this article on PureMango.com.uk?
http://www.puremango.co.uk/cm_breaking_captcha_115.php

I'm curious about possible side-attacks to bypass reCAPTCHA
altogether.

Renaud Bompuis
http://renaud.nkaworld.com
http://blog.nkaworld.com

reCAPTCHA Support

May 31, 2007, 3:28:50 AM
to reca...@googlegroups.com
No, we are not subject to this attack; we only allow a given reCAPTCHA session to be used once. Even if a bug in reCAPTCHA did allow replay, it would have limited use: each reCAPTCHA session has the public key of the site embedded into the signed session identifier. Thus the session can only be used on the originating site.

-Ben
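
The two properties described in the reply above (a session identifier is accepted only once, and it is signed with the site's public key embedded) can be sketched as follows. This is an added example, not reCAPTCHA's code and not part of the original thread; the token layout, the use of HMAC-SHA256 as the signature, and the class, function and key names are all assumptions.

```python
import hashlib
import hmac
import secrets


class ChallengeSessions:
    """Issues and redeems CAPTCHA session identifiers (hypothetical design)."""

    def __init__(self, secret=None):
        # Assumption: HMAC-SHA256 stands in for whatever signature the service uses.
        self._secret = secret or secrets.token_bytes(32)
        self._redeemed = set()  # nonces already used; real storage would expire them

    def _sign(self, payload):
        return hmac.new(self._secret, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, site_public_key):
        """Return 'site_key.nonce.signature' for a freshly served challenge."""
        payload = f"{site_public_key}.{secrets.token_hex(16)}"
        return f"{payload}.{self._sign(payload)}"

    def redeem(self, session_id, site_public_key):
        """Check a session identifier presented by a site and return a verdict."""
        try:
            key, nonce, sig = session_id.split(".")
        except ValueError:
            return "malformed"
        expected = self._sign(f"{key}.{nonce}")
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return "bad-signature"   # identifier was altered or forged
        if key != site_public_key:
            return "wrong-site"      # issued for a different site
        if nonce in self._redeemed:
            return "replayed"        # second use of the same session
        self._redeemed.add(nonce)    # consume the session on first use
        return "ok"


def demo():
    svc = ChallengeSessions()
    sid = svc.issue("SITE_A_PUBLIC_KEY")  # constructed sample key
    return [
        svc.redeem(sid, "SITE_B_PUBLIC_KEY"),  # presented on another site
        svc.redeem(sid, "SITE_A_PUBLIC_KEY"),  # first legitimate use
        svc.redeem(sid, "SITE_A_PUBLIC_KEY"),  # replay of the same session
        svc.redeem(sid.replace("SITE_A", "SITE_B"), "SITE_B_PUBLIC_KEY"),  # key swapped
    ]
```
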

Cycnus

May 31, 2007, 3:47:05 AM
to reCAPTCHA
Thanks for the quick response and the clarification, I think it's an
important one.

Renaud Bompuis
http://blog.nkaworld.com
http://renaud.nkaworld.com

Cycnus

May 31, 2007, 3:47:09 AM
to reCAPTCHA