
Closed

Bypass Vulnerability

description

Somebody from websecurity.com.ua has contacted me regarding a vulnerability of AIP. I was able to confirm that reusing an older web form to bypass AIP, even if the CAPTCHA image is no longer valid, is in fact a vulnerability of AIP.
 
See the original article here:
http://websecurity.com.ua/1568/
 
See my blog for more information about the AIP 2.0.0 implementation:
http://davesexton.com/blog/blogs/blog/archive/2007/12/12/aip-1-0-0-bypassed.aspx
Closed Apr 2, 2008 at 2:25 AM by davedev
This has been fixed according to the information provided in my blog post. Some of the particular details mentioned no longer apply, however.
