Closed gittyspirit closed 1 year ago
@gittyspirit in free open source software you are free to make a pull request... Maybe the main dev has no time right now.
Hello @gittyspirit, thanks for opening the ticket. The captchas are indeed fairly easy to break, if you build a bot that applies OCR on the image. More distortion would be necessary, to make it harder to identify the characters.
Bypassing moderator approval is however something I have so far been unaware of. This should not be possible, unless the bot uses a moderator account to approve accounts. Do you have any more details on how the vulnerability is supposed to work? Or if possible the source code to bhcli?
If you want to keep the details private, you can also securely report the vulnerability details to me via email at daniel@danwin1210.de
In Black Hat Chat, spamming bots easily bypass moderator's approval and captcha. @n0tr1v wrote a bhcli to bypass these things. Please update the code and make the moderator approval and captcha stronger.