Precisely. I don't see any vulnerability here unless the account holder has set it up incorrectly in which case it is not a bug / vulnerability but rathe a user error
On 12/7/07, Aaron Katz <[EMAIL PROTECTED]> wrote: > > Could you please explain the vulnerability? When I test, and I submit > a correct response to the CAPTCHA, I'm presented with knowledge based > authentication. > > -- > Aaron > > On Dec 7, 2007 1:58 AM, Kristian Erik Hermansen > <[EMAIL PROTECTED]> wrote: > > Proof of concept here... > > http://www.kristian-hermansen.com > > -- > > Kristian Erik Hermansen > > "I have no special talent. I am only passionately curious." > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Smile!!! :) It improves your face value... Visit me at http://www.dharwadkar.com http://www.dharwadkar.org Sister Site: http://www.saraswatibhuvan.org
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
