Deciphering the Simple Machine?s Forum audio Captcha

2008.04.30

Credit: Michael Brooks

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2008-2019

CWE: CWE-264

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

The Simple Machine?s Forum audio Captcha that has been hardened from attack. I have contacted SMF about this flaw and it has been verified.
I go into greater detail of how i am able to break this captcha here:
http://www.rooksecurity.com/blog/?p=6
Exploit Code: http://www.rooksecurity.com/exploits/smf_captcha.zip
This captcha has been broken before and exploit code is available here: http://www.securityfocus.com/archive/1/471641 . The fix was to add a randomly generated static.
I was able to write code to decipher the audio file using a Fuzzy Logic comparison http://en.wikipedia.org/wiki/Fuzzy_logic . The comparison is the Hamming Distance http://en.wikipedia.org/wiki/Hamming_distance between the original audio file and the damaged one generated by the Captcha.
peace

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Deciphering the Simple Machine?s Forum audio Captcha

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.