CVE-2017-11717

HIGH

MetInfo <= 5.3.17 - Authentication Bypass via CAPTCHA Reuse

Title source: llm
STIX 2.1

Description

MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://lncken.cn/?p=343

Scores

CVSS v3 7.5
EPSS 0.0113
EPSS Percentile 62.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-290
Status published
Products (1)
metinfo_project/metinfo < 5.3.17
Published Jul 28, 2017
Tracked Since Feb 18, 2026