Improper Restriction of Power Consumption in microweber/microweber

Valid

Reported on

Oct 17th 2021


Description

When the captcha is enabled for comments, an attacker can send many spam comments using only the first correct captcha code. In other words, the attacker enters the captcha once and can then reuse it many times, damaging the availability of the system.
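The replay described above and one way to close it, as an added PHP example that is not microweber's code or its merged fix. The `$session` array stands in for `$_SESSION`, and every function name is hypothetical.

```php
<?php
// Added illustration, not microweber code. $session stands in for $_SESSION;
// all function names here are hypothetical.

function issue_captcha(array &$session): string
{
    // Constructed 5-digit challenge; a real form would render it as an image.
    $answer = (string) random_int(10000, 99999);
    $session['captcha'] = $answer;
    return $answer;
}

// Replayable: the expected answer stays in the session after a correct
// submission, so one solved captcha authorises any number of comments.
function verify_reusable(array &$session, string $input): bool
{
    return isset($session['captcha'])
        && hash_equals($session['captcha'], $input);
}

// Single-use: the stored answer is discarded on every attempt, right or
// wrong, so each comment needs a freshly issued and freshly solved captcha.
function verify_single_use(array &$session, string $input): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']);
    return is_string($expected) && $input !== ''
        && hash_equals($expected, $input);
}

// Simulates one client that solves the captcha once and then submits
// $posts comments carrying that same code.
function count_accepted(callable $verify, int $posts): int
{
    $session = [];
    $code = issue_captcha($session);
    $accepted = 0;
    for ($i = 0; $i < $posts; $i++) {
        if ($verify($session, $code)) {
            $accepted++;
        }
    }
    return $accepted;
}

echo "reusable:   ", count_accepted('verify_reusable', 5), " of 5 accepted\n";
echo "single-use: ", count_accepted('verify_single_use', 5), " of 5 accepted\n";
```

Consuming the answer on failed attempts as well as successful ones also prevents guessing repeatedly against a single issued challenge.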

We have contacted a member of the microweber team and are waiting to hear back a year ago
Peter Ivanov validated this vulnerability a year ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov confirmed that a fix has been merged on 33a8d4 a year ago
Peter Ivanov has been awarded the fix bounty
Peter Ivanov
a year ago

Maintainer


Thanks, the issue has been fixed now
