A security researcher has discovered a captcha bypass vulnerability in Pastebin and has opted for full disclosure as the online pasting tool has failed to resolve the issue even after multiple reminders.
Scott Arciszewski discovered the vulnerability on October 5 and contacted Pastebin immediately. The team replied within two days and assured him the vulnerability would be looked into; however, since then the team has neither responded further nor patched the vulnerability, so Arciszewski decided to go for full disclosure.
“It’s November 27 and they still haven’t fixed this (despite me giving them the solution)”, noted Arciszewski in an email to the Full Disclosure mailing list.
According to Arciszewski, the technique used to bypass the captcha is pretty lame and obvious and could easily be automated to abuse the system. We have reached out to Arciszewski for further information and will update the story if and when we hear back.