
phpMyAdmin 4.3.x < 4.3.13.2 / 4.4.x < 4.4.14.1 reCaptcha Bypass (PMASA-2015-4)

Medium

Synopsis

The remote web server contains a PHP application that is affected by a captcha bypass vulnerability.

Description

Versions of phpMyAdmin 4.3.x prior to 4.3.13.2 or 4.4.x prior to 4.4.14.1 are affected by a security bypass vulnerability related to reCaptcha processing. An unauthenticated, remote attacker can exploit this to bypass the reCaptcha test, resulting in a bypass of brute-force protection.

Solution

Upgrade to phpMyAdmin 4.3.13.2 / 4.4.14.1 or later. Alternatively, apply the patch referenced in the vendor advisory.
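
To triage an inventory against the affected ranges above, the following added example (not part of the vendor advisory or the plugin) classifies reported phpMyAdmin version strings. The function names, the status labels, the sample inventory and the treatment of alpha/beta/rc/dev suffixes as pre-dating the fixed release are assumptions.

```python
import re

# Fixed releases named in the advisory, keyed by affected branch (major, minor).
FIXED = {(4, 3): (4, 3, 13, 2), (4, 4): (4, 4, 14, 1)}

# Assumption: a pre-release tag on the fixed version number predates the fix.
PRERELEASE = re.compile(r"^[-_.]?(alpha|beta|rc|dev)", re.I)


def classify(version):
    """Return 'affected', 'fixed', 'not_in_scope' or 'unknown' for a version string."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})(.*)$", version)
    if not m:
        return "unknown"
    # Compare numerically: as strings, "4.4.9" would sort after "4.4.14.1".
    nums = [int(p) for p in m.group(1).split(".")]
    nums = tuple(nums + [0] * (4 - len(nums)))  # pad 4.3.13 -> (4, 3, 13, 0)
    suffix = m.group(2).strip()

    fixed = FIXED.get(nums[:2])
    if fixed is None:
        return "not_in_scope"  # the advisory only covers the 4.3.x and 4.4.x branches
    if nums < fixed:
        return "affected"
    if nums == fixed and PRERELEASE.match(suffix):
        return "affected"
    return "fixed"


def triage(inventory):
    """Map host -> version into a sorted list of (host, version) needing an upgrade."""
    return sorted((h, v) for h, v in inventory.items() if classify(v) == "affected")


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative).
    sample = {
        "db-admin-01": "4.4.9",
        "db-admin-02": "4.4.14.1",
        "db-admin-03": "4.3.13",
        "db-admin-04": "4.3.13.10",
        "db-admin-05": "4.5.0",
    }
    for host, ver in triage(sample):
        print(f"{host}: phpMyAdmin {ver} is in the affected range")
```

A version check cannot see a patch applied without a version bump, so hosts reported as affected that received the vendor patch or a distribution backport need to be confirmed separately.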