Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19705
HistoryApr 21, 2008 - 12:00 a.m.

Deciphering the Simple Machines Forum audio Captcha

2008-04-2100:00:00
vulners.com
28
JSON

The Simple Machine’s Forum audio Captcha that has been hardened from attack. I have contacted SMF
about this flaw and it has been verified.

I go into greater detail of how i am able to break this captcha here:
http://www.rooksecurity.com/blog/?p=6

Exploit Code: http://www.rooksecurity.com/exploits/smf_captcha.zip

This captcha has been broken before and exploit code is available here:
http://www.securityfocus.com/archive/1/471641 . The fix was to add a randomly generated static.

I was able to write code to decipher the audio file using a Fuzzy Logic comparison
http://en.wikipedia.org/wiki/Fuzzy_logic . The comparison is the Hamming Distance
http://en.wikipedia.org/wiki/Hamming_distance between the original audio file and the damaged one
generated by the Captcha.

peace

JSON