Amazon Captcha Cracked

Note:
I am looking for a job in information security domain. Any lead or link is highly appreciable.

## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : http://www.amazon.com
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

—————————————-
Description:
—————————————-
Amazon has implemented a weak captcha which could be cracked easily.

—————————————-
POC:
—————————————-

Vulnerability Disclosure Timeline:
→ March 28, 2016  – Bug discovered, initial report to Amazon Security Team
→ March 29, 2016  – Vendor Response. Case number assigned.
→ March 31, 2016  – Vendor Response. Weak captcha is intentional. Have additional                                                    controls in place to detect and respond to this type of issue.
→ March 31, 2016  – No Fix.

Thanks to Debasish Mandal for the original script.

Advertisements

4 thoughts on “Amazon Captcha Cracked

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s