1Panel CAPTCHA Bypass Vulnerability in Authentication API

Vulnerability

A CAPTCHA verification bypass vulnerability has been identified in 1Panel, an open-source web-based control panel for Linux server management. This vulnerability affects versions through 2.0.13. It allows an unauthenticated attacker to disable CAPTCHA verification by exploiting a client-controlled parameter in the login API. The server's trust in this parameter, without proper validation, enables the bypass of CAPTCHA protections. As a result, automated login attempts can be made, significantly increasing the risk of account takeover.

Impact

Exploitation of this vulnerability allows for unauthorized bypassing of CAPTCHA verification, enabling automated login attempts and increasing the risk of account takeover.

Reproduction

To reproduce this vulnerability, send a request to the /api/login endpoint with the 'ignoreCaptcha' parameter set to true. This will disable the CAPTCHA verification process, allowing for automated login attempts to be made without the usual CAPTCHA challenge.

Remediation

Users can upgrade to 1Panel version 2.0.14 or later, where this vulnerability has been patched.
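The defect class the advisory describes is a server that lets a client-supplied flag decide whether a security control runs. The following Go program is an added illustration, not 1Panel's code: it places a hypothetical login handler that honours an ignoreCaptcha field in the request body beside a hardened handler that takes the CAPTCHA requirement only from server-side configuration. The request field names, the in-memory CAPTCHA store and the credentials are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// loginRequest is a hypothetical JSON login body. IgnoreCaptcha stands in for
// the client-controlled parameter the advisory describes; the field names are
// assumptions for this example, not 1Panel's own.
type loginRequest struct {
	Name          string `json:"name"`
	Password      string `json:"password"`
	CaptchaID     string `json:"captchaID"`
	Captcha       string `json:"captcha"`
	IgnoreCaptcha bool   `json:"ignoreCaptcha"`
}

// captchaStore is a constructed in-memory challenge store: id -> expected answer.
var captchaStore = map[string]string{"cap-1": "x7k9q"}

// verifyCaptcha checks the answer and consumes the challenge so it cannot be replayed.
func verifyCaptcha(id, answer string) bool {
	want, ok := captchaStore[id]
	if !ok {
		return false
	}
	delete(captchaStore, id)
	return subtle.ConstantTimeCompare([]byte(want), []byte(answer)) == 1
}

// checkCredentials compares against a single constructed account in constant time.
func checkCredentials(name, password string) bool {
	okName := subtle.ConstantTimeCompare([]byte(name), []byte("admin")) == 1
	okPass := subtle.ConstantTimeCompare([]byte(password), []byte("constructed-pass")) == 1
	return okName && okPass
}

// serverConfig is the only place where the CAPTCHA requirement may be switched off.
type serverConfig struct {
	CaptchaEnabled bool
}

// vulnerableLogin reproduces the defect pattern: the client's flag, not the
// server, decides whether the CAPTCHA is checked.
func vulnerableLogin(w http.ResponseWriter, r *http.Request) {
	var req loginRequest
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	if !req.IgnoreCaptcha && !verifyCaptcha(req.CaptchaID, req.Captcha) {
		http.Error(w, "captcha failed", http.StatusUnauthorized)
		return
	}
	if !checkCredentials(req.Name, req.Password) {
		http.Error(w, "bad credentials", http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// hardenedLogin consults server-side configuration only. The client's flag is
// still decoded (unknown fields are harmless) but is never read.
func hardenedLogin(cfg serverConfig) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var req loginRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		if cfg.CaptchaEnabled && !verifyCaptcha(req.CaptchaID, req.Captcha) {
			http.Error(w, "captcha failed", http.StatusUnauthorized)
			return
		}
		if !checkCredentials(req.Name, req.Password) {
			http.Error(w, "bad credentials", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusOK)
	}
}

// postLogin drives a handler with a constructed JSON body and returns the HTTP status.
func postLogin(h http.Handler, body string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/api/login", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	flagOnly := `{"name":"admin","password":"constructed-pass","ignoreCaptcha":true}`
	fmt.Println("vulnerable:", postLogin(http.HandlerFunc(vulnerableLogin), flagOnly))
	fmt.Println("hardened:  ", postLogin(hardenedLogin(serverConfig{CaptchaEnabled: true}), flagOnly))
}
```

The hardened handler makes the bypass impossible by construction: the request carries no field that the CAPTCHA decision reads. Because verifyCaptcha deletes the challenge on first use, a correct answer cannot be replayed to drive automated attempts either, which is the residual risk the Impact section describes.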

Added: Dec 9, 2025, 6:33 PM
Updated: Dec 10, 2025, 12:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.7
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.