Login No Captcha reCAPTCHA < 1.7 – IP Check Bypass | CVE 2022-2913 | Plugin Vulnerabilities

Description

The plugin doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.

Proof of Concept

Set HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR or any other header in LoginNoCaptcha::get_ip_address() which is then checked against the whitelist and Google reCaptcha.
The only caveat on this PoC is that attacker must know the list of IP addresses added to the allow list. This can be done by luring administrators to fake pages, but increases the complexity of the attack.

Affects Plugins

login-recaptcha

Fixed in 1.7

References

CVE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1

Timeline

Publicly Published

2022-08-22 (about 3 years ago)

Added

2022-08-22 (about 3 years ago)

Last Updated

2023-05-11 (about 2 years ago)

Other

Published

Title

Published

2020-04-29

Title

WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated

Published

2022-05-18

Title

HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure

Published

2016-02-08

Title

User Meta Manager <= 3.4.7 - Information Disclosure

Published

2018-03-02

Title

NextGEN Gallery < 2.2.50 - Galley Paths Not Secured

Published

2022-04-07

Title

SiteGround Security < 1.2.6 - Authentication Bypass via 2-FA Authentication Setup