Papers no image

Published on March 7th, 2012 📆 | 6007 Views ⚑


Attacking CAPTCHAs for Fun and Profit
A “Completely Automated Public Turing test to tell Computers and Humans Apart,” or “CAPTCHA,” is used to prevent automated software from performing actions that degrade the quality of service of a given system. CAPTCHAs aim to ensure that the users of applications are human and ultimately aidin preventing unauthorized access and abuse.To analyze the strength of CAPTCHA implementations on the Internet, research was conducted covering several high traffic websites. During the research CAPTCHA protection on three types of forms were

• Registration pages
• Forgotten password functionality
• User comment fields for blog posts, news articles, and other content

The vulnerabilities identified during the research were classified into three broad categories: breaching client-side trust, manipulating server-side implementation, and attacking the CAPTCHA image. In this paper, we will look at the interesting and the most common vulnerabilities identified during the research.

Download PDF:

Tagged with:

Comments are closed.