CouchCMS reCAPTCHA Bypass Vulnerability via Hardcoded Test Keys

Vulnerability

A vulnerability exists in CouchCMS versions through 2.4, specifically within the reCAPTCHA Handler component. The issue arises from hardcoded test keys in the file couch/config.example.php: with these keys, the reCAPTCHA service always returns a successful verification response. This flaw allows form submissions protected by reCAPTCHA, such as contact, comment, and registration forms, to be automated without the CAPTCHA ever being solved. The vulnerability is remotely exploitable, although the advisory rates exploitation as requiring some complexity.

Impact

Exploitation of this vulnerability allows for the bypass of reCAPTCHA protection, leading to automated spam submissions on contact forms, mass comment spam, brute force attacks on login forms, and automated account registrations.

Reproduction

To reproduce this vulnerability, first verify the presence of the hardcoded test keys by checking the reCAPTCHA configuration in couch/config.example.php. Then, submit a form that uses reCAPTCHA protection, such as a contact form, while including any value for the g-recaptcha-response parameter. The form submission will succeed, bypassing the CAPTCHA validation entirely.
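A defender-side check for the configuration flaw described above, added here as an example and not taken from CouchCMS: it parses the reCAPTCHA define() lines from both config.example.php and the live config and flags any key that was left at the value shipped in the example file, or left empty. The define names (K_RECAPTCHA_SITE_KEY, K_RECAPTCHA_SECRET_KEY) and the sample file contents are assumptions constructed for the example, not the project's real names or keys.

```python
import re

# Matches PHP lines such as define('NAME', 'value'); with single or double quotes.
DEFINE_RE = re.compile(
    r"""define\(\s*['"]([A-Z0-9_]+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")


def recaptcha_defines(php_source):
    """Return {name: value} for every define() whose name mentions RECAPTCHA."""
    return {name: value for name, value in DEFINE_RE.findall(php_source)
            if "RECAPTCHA" in name}


def audit_recaptcha_config(example_php, live_php):
    """Compare the live config against the shipped example.

    Returns a list of findings; an empty list means every reCAPTCHA key in the
    live config is present, non-empty and different from the example value.
    """
    example = recaptcha_defines(example_php)
    live = recaptcha_defines(live_php)
    findings = []
    for name, value in live.items():
        if not value:
            findings.append(f"{name} is empty: reCAPTCHA cannot verify legitimately")
        elif value == example.get(name):
            findings.append(f"{name} still holds the value shipped in config.example.php")
    for name in example:
        if name not in live:
            findings.append(f"{name} is missing from the live config")
    return findings


# Constructed sample files; define names and key strings are assumptions.
EXAMPLE_PHP = """<?php
define('K_RECAPTCHA_SITE_KEY', 'example-site-key-shipped-with-couch');
define('K_RECAPTCHA_SECRET_KEY', 'example-secret-key-shipped-with-couch');
"""
UNCHANGED_PHP = EXAMPLE_PHP  # example file copied to config.php without editing
FIXED_PHP = """<?php
define('K_RECAPTCHA_SITE_KEY', 'site-key-issued-for-this-domain');
define('K_RECAPTCHA_SECRET_KEY', 'secret-key-issued-for-this-domain');
"""

if __name__ == "__main__":
    for finding in audit_recaptcha_config(EXAMPLE_PHP, UNCHANGED_PHP):
        print("FAIL:", finding)
    print("fixed config findings:", audit_recaptcha_config(EXAMPLE_PHP, FIXED_PHP))
```

Run it against the real couch/config.example.php and the deployed config.php as a pre-deployment gate; any finding means the form protection is not in effect.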

Added: Dec 22, 2025, 1:17 AM
Updated: Dec 22, 2025, 1:17 AM

Vulnerability Rating

Custom Algorithm

spread          3.4
impact          5.0
exploitability  9.7
remediation     0.0
relevance       1.5
threat          6.4
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.