Improper Restriction of Power Consumption in microweber/microweber

Valid

Reported on

Oct 17th 2021


Description

For comments, when the captcha is enabled, an attacker can send many spam comments using only the first correct captcha code. This means the attacker enters the captcha only once and can then reuse it many times, damaging the availability of the system.
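The captcha reuse described above, shown next to a single-use check, as an added example that is not part of the original report and is not microweber's code or its merged fix. The session object, function names and six-digit challenge format are assumptions made for illustration.

```python
import hmac
import secrets


class Session:
    """Constructed stand-in for a per-visitor, server-side session store."""
    def __init__(self):
        self.data = {}


def issue_captcha(session):
    """Store a fresh challenge answer server-side (shown to the user as an image)."""
    answer = f"{secrets.randbelow(10**6):06d}"
    session.data["captcha"] = answer
    return answer


def _matches(expected, submitted):
    # Constant-time comparison; a missing challenge never matches.
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def verify_reusable(session, submitted):
    """Flawed pattern: the stored answer stays valid after a successful check."""
    return _matches(session.data.get("captcha"), submitted)


def verify_single_use(session, submitted):
    """Hardened pattern: the answer is consumed on every attempt, right or wrong,
    so one solve authorises one comment and a wrong guess forces a new challenge."""
    return _matches(session.data.pop("captcha", None), submitted)


def accepted_with_one_solve(verify, submissions=5):
    """Count how many comment submissions pass when one solved code is resent."""
    session = Session()
    code = issue_captcha(session)
    return sum(1 for _ in range(submissions) if verify(session, code))


if __name__ == "__main__":
    print("reusable check  :", accepted_with_one_solve(verify_reusable))
    print("single-use check:", accepted_with_one_solve(verify_single_use))
```

A regression test for this class of bug submits the same solved code twice in one session and asserts that the second submission is rejected.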

We have contacted a member of the microweber team and are waiting to hear back a month ago
Peter Ivanov validated this vulnerability a month ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov confirmed that a fix has been merged on 33a8d4 a month ago
Peter Ivanov has been awarded the fix bounty
Peter Ivanov
a month ago

Maintainer


Thanks, the issue has been fixed now