Vulnerability : Server Security Misconfiguration - Random Record Creation / No reCaptcha

Ismail Tasdelen pentestdatabase at gmail.com
Fri May 4 00:37:39 EDT 2018


Hello Security Team,

I'm sending this security report for bug bounty. The registration page does
not use reCAPTCHA, and random register requests can be performed on
pages that do not have real user control. The OWASP web security community
also recommends using reCAPTCHA on the form pages.

Vulnerability : Server Security Misconfiguration - Weak Captcha / No
reCaptcha

Affected addresses : https://developer.pidgin.im/register



If you publish your step as CVE, you will be delighted (:

I'm waiting for you to come back, please come back on the subject.

*Good works *¯\_(ツ)_/¯
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 100258 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20180504/972ed4f0/attachment-0001.png>