DanWin / le-chat-php

A PHP Chat based on LE CHAT
https://danwin1210.de/chat/
GNU General Public License v3.0

Vulnerable Moderator Approval and Captcha #136

Closed gittyspirit closed 1 year ago

gittyspirit commented 1 year ago

In Black Hat Chat, spamming bots easily bypass moderator approval and the captcha. @n0tr1v wrote a bhcli to bypass these things. Please update the code and make the moderator approval and captcha stronger.

cypherbits commented 1 year ago

@gittyspirit in free open source software you are free to make a pull request... Maybe the main dev has no time right now.

DanWin commented 1 year ago

Hello @gittyspirit, thanks for opening the ticket. The captchas are indeed fairly easy to break if you build a bot that applies OCR to the image. More distortion would be necessary to make it harder to identify the characters. Bypassing moderator approval is, however, something I have so far been unaware of. This should not be possible unless the bot uses a moderator account to approve accounts. Do you have any more details on how the vulnerability is supposed to work? Or, if possible, the source code to bhcli? If you want to keep the details private, you can also securely report the vulnerability details to me via email at daniel@danwin1210.de