AOH :: HP Unsorted V :: BU-2113.HTM

TooFAST vulnerability
Vulnerabilities in TooFAST
Vulnerabilities in TooFAST

Hello Bugtraq!

I want to warn you about security vulnerabilities in TooFAST.

Advisory: Vulnerabilities in TooFAST
17.03.2010 - found vulnerabilities.
20.03.2010 - disclosed at my site.
22.03.2010 - informed developers.

These are Insufficient Anti-automation and Denial of Service

The vulnerabilities exist in captcha script CaptchaSecurityImages.php, which
is using in this system. I already reported about vulnerabilities in
CaptchaSecurityImages ( 

Insufficient Anti-automation:


Captcha bypass is possible via half-automated or automated (with using of
OCR) methods, which were mentioned before ( 



With setting of large values of width and height it's possible to create
large load at the server.

Vulnerable are TooFAST 1.5 and previous versions.

Best wishes & regards,
Administrator of Websecurity web site 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to