Vulnerability Name:

CVE-2008-7216 (CCN-39688)

Assigned:2008-01-15
Published:2008-01-15
Updated:2018-10-11
Summary:Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: BugTraq Mailing List, Tue Jan 15 2008 - 00:01:03 CST
Defeating audio captcha systems

Source: MITRE
Type: CNA
CVE-2008-7216

Source: MISC
Type: UNKNOWN
http://docs.google.com/View?docid=df36cd52_19xzmkwqcg

Source: CCN
Type: OSVDB ID: 58126
Anti-Spam Spinoff Plugin for WordPress Audio Clip Concatenation Weakness CAPTCHA Bypass

Source: BUGTRAQ
Type: UNKNOWN
20080115 Defeating audio captcha systems

Source: BID
Type: Exploit
27287

Source: CCN
Type: BID-27287
Peter's Math Anti-Spam for WordPress Plugin Audio CAPTCHA Security Bypass Vulnerability

Source: CCN
Type: WordPress Web site
Math Antispam Spinoff plugin for WordPress

Source: XF
Type: UNKNOWN
mathantispam-captcha-security-bypass(39688)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wordpress:peter's_math_anti-spam_for_wordpress:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    wordpress peter's math anti-spam for wordpress -