D-Link’s CAPTCHA – A Big Question on Security

According to the security report, researchers at SourceSec needed nearly a week to find a flaw in D-Link's implementation of CAPTCHA (completely automated public Turing test to tell computers and humans apart) in its routers, a feature originally meant to stop DNS-changing malware from reaching its goal automatically.

SourceSec stated that the implementation flaw allowed malware or an attacker to obtain the Wi-Fi Protected Access (WPA) passphrase with nothing more than user-level access and without a properly solved CAPTCHA. This is apparently because the CAPTCHA-based authentication system was improperly integrated into some of the pages.

Further, the attack may be implemented with simple JavaScript code using anti-DNS (Domain Name System), without the attacker needing to install malware on the router. Instead, the attack can be launched when the user visits a site. In other words, merely visiting a site from behind a D-Link router may result in malware being downloaded onto the user's system, all because of this flaw.
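The flaw class described above, a CAPTCHA check wired into some pages but not others, shown as an added Python model that is not D-Link's firmware or SourceSec's code. Page paths, session fields and the passphrase are constructed, and `audit` is a hypothetical regression check that probes every page with a logged-in session that has not solved the CAPTCHA.

```python
# Constructed model, not D-Link firmware: paths and session fields are hypothetical.
from dataclasses import dataclass

@dataclass
class Session:
    logged_in: bool = False    # valid credentials (user-level is enough) presented
    captcha_ok: bool = False   # CAPTCHA solved for this session

SECRET = "constructed-wpa-passphrase"  # sample value, constructed

def status_page(s):
    return "uptime: 3 days"

def wifi_settings_page(s):
    return "passphrase=" + SECRET

# Weak pattern: each page opts in to the CAPTCHA check, so one can be missed.
def weak_dispatch(path, s):
    if not s.logged_in:
        return 401, ""
    if path == "/status":
        if not s.captcha_ok:
            return 403, ""
        return 200, status_page(s)
    if path == "/wifi":        # CAPTCHA check was never added to this page
        return 200, wifi_settings_page(s)
    return 404, ""

# Hardened pattern: one gate in front of every page, exemptions listed explicitly.
PAGES = {"/status": status_page, "/wifi": wifi_settings_page}
NO_CAPTCHA_NEEDED = set()      # deny by default: no page is exempt

def hardened_dispatch(path, s):
    handler = PAGES.get(path)
    if handler is None:
        return 404, ""
    if not s.logged_in:
        return 401, ""
    if path not in NO_CAPTCHA_NEEDED and not s.captcha_ok:
        return 403, ""
    return 200, handler(s)

def audit(dispatch):
    """List pages that answer 200 to a logged-in session with no solved CAPTCHA."""
    probe = Session(logged_in=True, captcha_ok=False)
    return sorted(p for p in PAGES if dispatch(p, probe)[0] == 200)

if __name__ == "__main__":
    print("weak:", audit(weak_dispatch), "hardened:", audit(hardened_dispatch))
```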
