newbee-mall
cpe:2.3:a:newbee-mall_project:newbee-mall:*:*:*:*:*:*:*
- 1.0
A vulnerability exists in Newbee Mall version 1.0 in the Kaptcha function located at '/common/mall/kaptcha'. The CAPTCHA validation relies on the client to request the Kaptcha endpoint, and the CAPTCHA is reset only when that request is made. As a result, the same CAPTCHA can be reused, allowing attackers to predict and brute-force CAPTCHA challenges without restriction. This vulnerability can be exploited remotely and has been publicly disclosed.
The vulnerability allows the CAPTCHA to be bypassed, so it fails to prevent brute-force attacks. This increases the risk of automated account takeover attempts.
To reproduce this vulnerability, access the '/common/mall/kaptcha' endpoint to retrieve a CAPTCHA challenge. Then, reuse the same session to send multiple login requests, attempting to brute-force the CAPTCHA. The captured traffic will show how the same CAPTCHA can be applied repeatedly, bypassing the intended protection.
It is recommended to regenerate the CAPTCHA for each login attempt, rather than relying on client-side requests to '/common/mall/kaptcha'. This change would ensure that each CAPTCHA challenge is unique and effective in preventing brute-force attacks.
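The recommendation above, modelled as an added example that is not newbee-mall's own code: a plain Map stands in for the server-side session, and the attribute name `verifyCode` and all method names are hypothetical. It contrasts a check that leaves the stored code in place with one that consumes it on every attempt.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class CaptchaCheckDemo {
    // Hypothetical session attribute name; a plain Map models the server-side session.
    static final String KEY = "verifyCode";
    static final SecureRandom RNG = new SecureRandom();

    // Models the CAPTCHA endpoint: stores a fresh 4-digit code in the session.
    static String issue(Map<String, String> session) {
        String code = String.format("%04d", RNG.nextInt(10_000));
        session.put(KEY, code);
        return code;
    }

    // Weak: the stored code survives every check, so one solved image keeps
    // validating until the client itself asks the endpoint for a new one.
    static boolean checkReusable(Map<String, String> session, String submitted) {
        String expected = session.get(KEY);
        return expected != null && expected.equalsIgnoreCase(submitted);
    }

    // Hardened: the code is removed before it is compared, so every login
    // attempt, right or wrong, consumes the challenge and forces a new one.
    static boolean checkSingleUse(Map<String, String> session, String submitted) {
        String expected = session.remove(KEY);
        return expected != null && expected.equalsIgnoreCase(submitted);
    }

    // Submits the same solved code on five consecutive login attempts.
    static int acceptedOfFive(boolean singleUse) {
        Map<String, String> session = new HashMap<>();
        String solved = issue(session);
        int accepted = 0;
        for (int i = 0; i < 5; i++) {
            boolean ok = singleUse ? checkSingleUse(session, solved)
                                   : checkReusable(session, solved);
            if (ok) accepted++;
        }
        return accepted;
    }

    public static void main(String[] args) {
        System.out.println("reusable check accepted " + acceptedOfFive(false) + " of 5");
        System.out.println("single-use check accepted " + acceptedOfFive(true) + " of 5");
    }
}
```

In a real handler the single-use check would run before the credentials are evaluated, so a failed password attempt also invalidates the challenge.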