reCAPTCHA bypass vulnerability patched

Google has patched a reCAPTCHA security vulnerability that allowed an attacker to bypass the service's protection.

reCAPTCHA is a free online service offered by Google that helps protect websites from spam and bot abuse.

The flaw was discovered by security researcher Andres Riancho, as revealed in a blog post on Monday and reported by ZDNet.

“The bypass required the web application using reCAPTCHA to craft the request to /recaptcha/api/siteverify in an insecure way; but when this situation occurred the attacker was able to bypass the protection every time,” Riancho said in the blog post.

The issue was also fixed “upstream” at Google’s reCAPTCHA API. So no modifications are required to your web applications, the researcher added.
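
One way to build the /recaptcha/api/siteverify request body so that the client-supplied value cannot change its structure, shown as an added example (not code from Riancho's post or from Google). It assumes that "insecure" crafting means concatenating unencoded input into the request, which the article does not spell out; the function names, the placeholder secret and the sample token are hypothetical.

```python
from urllib.parse import urlencode, parse_qsl

SITEVERIFY_PATH = "/recaptcha/api/siteverify"  # endpoint named in the article


def check_body(body, expected):
    """Raise ValueError unless body decodes to exactly the expected fields, once each."""
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        raise ValueError("a parameter appears more than once")
    if dict(pairs) != expected:
        raise ValueError("body does not decode to the intended fields")


def build_siteverify_body(secret, client_response, remote_ip=None):
    """Return a form-encoded POST body with every value percent-encoded."""
    fields = [("secret", secret), ("response", client_response)]
    if remote_ip is not None:
        fields.append(("remoteip", remote_ip))
    # urlencode escapes '&', '=', '+' and spaces inside values, so the
    # untrusted value stays inside its own field.
    body = urlencode(fields)
    # Defence in depth: re-parse and confirm nothing was added or duplicated.
    check_body(body, dict(fields))
    return body


if __name__ == "__main__":
    # Constructed sample input, not a real token or secret.
    token = "abc&extra=1 +/="
    print("POST", SITEVERIFY_PATH)
    print(build_siteverify_body("SECRET_PLACEHOLDER", token))
    # The same values joined by plain concatenation fail the check.
    naive = "secret=SECRET_PLACEHOLDER&response=" + token
    try:
        check_body(naive, {"secret": "SECRET_PLACEHOLDER", "response": token})
    except ValueError as err:
        print("rejected concatenated body:", err)
```

`check_body` can also be run in a unit test against whatever request body an existing integration produces, to confirm it carries each parameter exactly once.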
