Коментарі для запису: MoBiC-21: AIP CAPTCHA bypass http://websecurity.com.ua/1568/ Tue, 07 Apr 2026 22:08:55 +0000 http://wordpress.org/?v=MustLive Edition від: MustLive http://websecurity.com.ua/1568/#comment-119351 Thu, 03 Apr 2008 18:16:47 +0000 http://websecurity.com.ua/1568/#comment-119351 <strong>Dave</strong> You are welcome. <blockquote>I’ve recently deployed AIP 2.0, which fixes the vulnerability that you mentioned.</blockquote> It's good that you fixed this hole (in new version of AIP). If I'll find time I'll look at it ;-). Dave

You are welcome.

I’ve recently deployed AIP 2.0, which fixes the vulnerability that you mentioned.

It’s good that you fixed this hole (in new version of AIP). If I’ll find time I’ll look at it ;-) .

]]> від: Dave http://websecurity.com.ua/1568/#comment-119346 Thu, 03 Apr 2008 15:50:52 +0000 http://websecurity.com.ua/1568/#comment-119346 I've recently deployed AIP 2.0, which fixes the vulnerability that you mentioned. Thanks again for reporting it. I’ve recently deployed AIP 2.0, which fixes the vulnerability that you mentioned.

Thanks again for reporting it.

]]> від: Dave http://websecurity.com.ua/1568/#comment-86856 Thu, 13 Dec 2007 03:35:24 +0000 http://websecurity.com.ua/1568/#comment-86856 I've posted info about my solution for AIP 2.0.0 in my blog: http://davesexton.com/blog/blogs/blog/archive/2007/12/12/aip-1-0-0-bypassed.aspx Hopefully you'll find time to reevaluate AIP again and let me know if it passes all of your tests the second time around :) I’ve posted info about my solution for AIP 2.0.0 in my blog:

http://davesexton.com/blog/blogs/blog/archive/2007/12/12/aip-1-0-0-bypassed.aspx

Hopefully you’ll find time to reevaluate AIP again and let me know if it passes all of your tests the second time around :)

]]> від: Dave http://websecurity.com.ua/1568/#comment-86764 Tue, 11 Dec 2007 23:28:24 +0000 http://websecurity.com.ua/1568/#comment-86764 I certainly appreciate that you brought this to my attention. It will be fixed in the next release. However, the "Moral" that you stated isn't being fair to AIP. "Unreliable" would indicate that it isn't working to protect web sites - its purpose. Although there is certainly a potential risk that AIP could be bypassed, in my experience using AIP this has _never_ happened to me and you are the first to report it. Hopefully, I'll be able to fix this bug before AIP actually does become "unreliable" :) Thanks, - Dave I certainly appreciate that you brought this to my attention. It will be fixed in the next release.

However, the “Moral” that you stated isn’t being fair to AIP. “Unreliable” would indicate that it isn’t working to protect web sites - its purpose. Although there is certainly a potential risk that AIP could be bypassed, in my experience using AIP this has _never_ happened to me and you are the first to report it. Hopefully, I’ll be able to fix this bug before AIP actually does become “unreliable” :)

Thanks,
- Dave

]]>