phpMyAdmin 4.3.x < 18.104.22.168 / 4.4.x < 22.214.171.124 reCaptcha Bypass (PMASA-2015-4)
Medium Nessus Network Monitor Plugin ID 9105
SynopsisThe remote web server contains a PHP application that is affected by a captcha bypass vulnerability.
DescriptionVersions of phpMyAdmin 4.3.x prior to 126.96.36.199 or 4.4.x prior to 188.8.131.52 are unpatched for by a security bypass vulnerability related to reCaptcha processing. An unauthenticated, remote attacker can exploit this to bypass the reCaptcha test, resulting in a bypass of brute-force protection.
SolutionUpgrade to phpMyAdmin 184.108.40.206 / 220.127.116.11 or later. Alternatively, apply the patch referenced in the vendor advisory.