Announcement-ID: PMASA-2015-4
Date: 2015-09-08
Vulnerability that allows bypassing the reCaptcha test
This vulnerability allows to complete the reCaptcha test and subsequently perform a brute force attack to guess user credentials without having to complete further reCaptcha tests.
We consider this vulnerability to be non critical since reCaptcha is an additional opt-in security measure.
This vulnerability only affect installations with reCaptcha test enabled.
Versions 4.3.x (prior to 4.3.13.2) and 4.4.x (prior to 4.4.14.1) are affected.
Upgrade to phpMyAdmin 4.3.13.2 or newer, or 4.4.14.1 or newer or apply patch listed below.
Assigned CVE ids: CVE-2015-6830
The following commits have been made on the 4.3 branch to fix this issue:
The following commits have been made on the 4.4 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.