D-Link’s CAPTCHA – A Big Question on Security

According to the security report, it took researchers at SourceSec nearly a week to detect a flaw in D-Link's implementation of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) in its routers. The CAPTCHA was originally meant to stop DNS-changing malware from achieving its goal automatically.

SourceSec stated that the implementation flaw allowed malware or an attacker to obtain the Wi-Fi Protected Access (WPA) passphrase with only user-level access and without a properly solved CAPTCHA. This is apparently because the CAPTCHA-based authentication system was improperly integrated into some of the pages.

Further, a combination of simple JavaScript code and anti-DNS (Domain Name System) may be used, with no need for the attacker to install malware on the router. Rather, the attack can be launched when a user visits a site. In other words, a D-Link user's visit to a site through the router may simply result in malware being downloaded onto his or her system, all due to this flaw.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31427
