Bitcoin Forum

Other => Archival => Topic started by: B1tUnl0ck3r on May 31, 2019, 07:56:22 PM



Title: 0
Post by: B1tUnl0ck3r on May 31, 2019, 07:56:22 PM
0


Title: Re: I just discovered the Captcha bypass code !!!
Post by: Vod on May 31, 2019, 08:01:10 PM
I mean it's a super great system. Thank you for making it !!!
https://bitcointalk.org/captcha_code.php
Since it's activated? And maybe the only one who didn't know that this necessary option existed... :).

My BPIP scraper has been using it since it was introduced.   A very nice feature indeed.  :)


Title: Re: I just discovered the Captcha bypass code !!!
Post by: posi on May 31, 2019, 08:03:35 PM
The Captcha bypass code has been in existence for more than 8 months if I can remember correctly, and like you said it's super great, but you need to be aware of the vulnerability involved if the code leaks out.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: Vod on May 31, 2019, 08:04:38 PM
but you need to be aware of the vulnerability involved if the code leaks out.

What vulnerability?


Title: Re: I just discovered the Captcha bypass code !!!
Post by: LeGaulois on May 31, 2019, 08:07:02 PM
He should have installed a breathalyzer for an alcohol level check instead of installing a Captcha :D


Title: Re: I just discovered the Captcha bypass code !!!
Post by: suchmoon on May 31, 2019, 08:34:48 PM
but you need to be aware of the vulnerability involved if the code leaks out.

What vulnerability?

Someone could bruteforce your password.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: Vod on May 31, 2019, 08:42:33 PM
but you need to be aware of the vulnerability involved if the code leaks out.

What vulnerability?

Someone could bruteforce your password.

As they could before the code was created.   The code does not decrease security in any way. 


Title: Re: I just discovered the Captcha bypass code !!!
Post by: TryNinja on May 31, 2019, 08:45:19 PM
As they could before the code was created.   The code does not decrease security in any way. 
But there is a captcha on every attempt. Imagine bruteforcing a password and having to fill Google’s reCAPTCHA every single time. Impossible.

If someone finds your code, they can try thousands of combinations in seconds.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: suchmoon on May 31, 2019, 09:32:52 PM
but you need to be aware of the vulnerability involved if the code leaks out.

What vulnerability?

Someone could bruteforce your password.

As they could before the code was created.   The code does not decrease security in any way. 

As TryNinja said, it allows to do it much cheaper and quicker. However, with a strong password the chance of that happening is still much lower than the chance of buses and chimneys making me go insane, so I don't hesitate to use it.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: BitMaxz on May 31, 2019, 10:27:44 PM
but you need to be aware of the vulnerability involved if the code leaks out.

What vulnerability?

Someone could bruteforce your password.

As they could before the code was created.   The code does not decrease security in any way. 

As TryNinja said, it allows to do it much cheaper and quicker. However, with a strong password the chance of that happening is still much lower than the chance of buses and chimneys making me go insane, so I don't hesitate to use it.

Don't forget the reset button as it helps to generate a new bypass link and disable/remove the old one.

So if you don't want your account to be compromised use the reset button whenever you log out and it's a good practice to keep your account safe.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: Vod on May 31, 2019, 11:14:47 PM
As they could before the code was created.   The code does not decrease security in any way. 
But there is a captcha on every attempt. Imagine bruteforcing a password and having to fill Google’s reCAPTCHA every single time. Impossible.

If someone finds your code, they can try thousands of combinations in seconds.

Without a compromised database, wouldn't the forum firewall limit you to one attempt per second on average?


Title: Re: I just discovered the Captcha bypass code !!!
Post by: TryNinja on May 31, 2019, 11:16:23 PM
Without a compromised database, wouldn't the forum firewall limit you to one attempt per second on average?
Maybe... but in that case, wouldn’t you be able to use multiple IPs to make multiple consecutive tries?


Title: Re: I just discovered the Captcha bypass code !!!
Post by: Thirdspace on May 31, 2019, 11:56:57 PM
If someone finds your code, they can try thousands of combinations in seconds.
I checked the stay logged in option during login to avoid re-logging in and completing captcha every time
is there also a security risk having my account always stay logged in? I think it's been over a year+


Title: Re: I just discovered the Captcha bypass code !!!
Post by: TryNinja on June 01, 2019, 12:04:48 AM
I checked the stay logged in option during login to avoid re-logging in and completing captcha every time
is there also a security risk having my account always stay logged in? I think it's been over a year+
If someone manages to log in to your wallet, they will be able to stay logged in forever (until you log in with a specific expire time, which will log out everyone).

Also, if someone gets your browser cookies, they can spoof your session and stay logged in.

That’s all I’ve noticed.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: sowns on June 01, 2019, 03:27:15 AM
As they could before the code was created.   The code does not decrease security in any way.  
But there is a captcha on every attempt. Imagine bruteforcing a password and having to fill Google’s reCAPTCHA every single time. Impossible.

If someone finds your code, they can try thousands of combinations in seconds.
Am I stupid or something? What’s stopping them from using their own code to brute force an account?


Title: Re: I just discovered the Captcha bypass code !!!
Post by: suchmoon on June 01, 2019, 04:07:06 AM
Am I stupid or something? What’s stopping them from using their own code to brute force an account?

Codes are unique to each account. If you use your code on a different account you get "Invalid ccode" even if you enter the correct password.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: posi on June 01, 2019, 06:39:27 PM
but you need to be aware of the vulnerability involved if the code leaks out.

What vulnerability?

Someone could bruteforce your password.

As they could before the code was created.   The code does not decrease security in any way. 
Suchmoon understands the vulnerability I'm talking about, and the same thing still applied after the code was created. Go to the link provided by OP; this is what you'll get:
Quote
You can bypass the CAPTCHA on the login page by bookmarking this link and using it to login:
https://bitcointalk.org/index.php?action=login;ccode=xxxxxxxxxxxxxccxcxxxx

This link is unique to your account. You cannot use it with other accounts. It only works on the login page.

If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it:
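
A sketch of the mechanism this thread discusses, added here as an example and not the forum's actual code: a bypass code that only skips the CAPTCHA for its own account, stops working after a reset, and is backed by a failure throttle keyed on the account. The class and method names, the thresholds, and the throttle itself are assumptions for illustration.

```python
import hmac
import secrets

MAX_FAILURES = 5     # assumed threshold, not the forum's real value
LOCK_SECONDS = 900   # assumed cool-down before the bypass link works again


class BypassLogin:
    """Toy model of a per-account CAPTCHA-bypass code (hypothetical design)."""

    def __init__(self):
        self.codes = {}      # account -> current bypass code
        self.failures = {}   # account -> (failed attempts, time of last failure)

    def issue(self, account):
        """Create or reset the code; any previously issued code stops working."""
        self.codes[account] = secrets.token_hex(16)
        self.failures.pop(account, None)
        return self.codes[account]

    def captcha_required(self, account, ccode, now):
        """True if this login attempt must still solve a CAPTCHA."""
        expected = self.codes.get(account)
        # Compare as bytes so a non-ASCII ccode is rejected instead of raising.
        if expected is None or not hmac.compare_digest(expected.encode(), ccode.encode()):
            return True      # wrong or foreign code: the "Invalid ccode" case
        count, last = self.failures.get(account, (0, 0.0))
        # Keyed on the account, so changing source address buys no extra guesses.
        return count >= MAX_FAILURES and now - last < LOCK_SECONDS

    def record_failure(self, account, now):
        """Call after a wrong password was submitted through the bypass link."""
        count, _ = self.failures.get(account, (0, 0.0))
        self.failures[account] = (count + 1, now)


def demo():
    """Constructed scenario: own vs. foreign code, throttling, then reset."""
    svc = BypassLogin()
    alice, bob = svc.issue("alice"), svc.issue("bob")
    results = {"own": svc.captcha_required("alice", alice, 0.0),
               "foreign": svc.captcha_required("alice", bob, 0.0)}
    for t in range(MAX_FAILURES):        # wrong passwords through a leaked link
        svc.record_failure("alice", float(t))
    results["throttled"] = svc.captcha_required("alice", alice, 10.0)
    results["after_cooldown"] = svc.captcha_required("alice", alice, 10.0 + LOCK_SECONDS)
    new = svc.issue("alice")             # owner presses the reset button
    results["old_after_reset"] = svc.captcha_required("alice", alice, 20.0)
    results["new_after_reset"] = svc.captcha_required("alice", new, 20.0)
    return results
```
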


Title: Re: I just discovered the Captcha bypass code !!!
Post by: zenhu on June 01, 2019, 07:08:57 PM
Suchmoon understands the vulnerability I'm talking about, and the same thing still applied after the code was created. Go to the link provided by OP; this is what you'll get:
Quote
You can bypass the CAPTCHA on the login page by bookmarking this link and using it to login:
https://bitcointalk.org/index.php?action=login;ccode=xxxxxxxxxxxxxccxcxxxx

This link is unique to your account. You cannot use it with other accounts. It only works on the login page.

If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it:
Well, looks like everyone can log in without captcha then. I tried to open this in incognito and I don't see any captcha.
Edit: oh fuck, silly me, I just tried to log in and it says invalid code.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: TryNinja on June 01, 2019, 07:12:58 PM
Well, looks like everyone can log in without captcha then. I tried to open this in incognito and I don't see any captcha.
They can...? What's the issue?

The first time you log in with the captcha, grab your bypass captcha code and you can use that link to log in (to your account) anywhere without having to fill the captcha ever again.

This only works if you're logging with your account's bypass-captcha code.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: zenhu on June 01, 2019, 07:16:03 PM
They can...? What's the issue?

The first time you log in with the captcha, grab your bypass captcha code and you can use that link to log in (to your account) anywhere without having to fill the captcha ever again.
Yeah, I get that, I'm talking about the quoted msg from posi, and I tried to open the link provided. I just thought since there's no captcha there I can log in; turns out it shows as invalid code when I'm using my username and password.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: TryNinja on June 01, 2019, 07:18:33 PM
Yeah, I get that, I'm talking about the quoted msg from posi, and I tried to open the link provided. I just thought since there's no captcha there I can log in; turns out it shows as invalid code when I'm using my username and password.
If the code "xxxxxxxxxxxxxccxcxxxx" in his example was someone's bypass-captcha code, you would be able to log in with (and only) that account w/o a captcha.


Title: Re: I just discovered the Captcha bypass code !!!
Post by: posi on June 01, 2019, 09:39:05 PM
They can...? What's the issue?

The first time you log in with the captcha, grab your bypass captcha code and you can use that link to log in (to your account) anywhere without having to fill the captcha ever again.
Yeah, I get that, I'm talking about the quoted msg from posi, and I tried to open the link provided. I just thought since there's no captcha there I can log in; turns out it shows as invalid code when I'm using my username and password.
I provided the xxxxxxxxxxxxx one as an example of what the code will look like, but you're to go to https://bitcointalk.org/captcha_code.php to log in; after logging in, open a new tab to the same link, where you will see your own unique code, which we can then bookmark or save somewhere safe for future use.