Base · Incomplete

CWE-804: Guessable CAPTCHA

Category: other

Description

The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.

Common consequences · 1

  • Access Control / Other — Bypass Protection Mechanism, Other
    When authorization, authentication, or another protection mechanism relies on CAPTCHA entities to ensure that only human actors can access certain functionality, then an automated attacker such as a bot may access the restricted functionality by guessing the CAPTCHA.

References

  1. https://cwe.mitre.org/data/definitions/804.html

(incoming) · 2

Type           Target                            Confidence  Tier
Vulnerability  CVE-2025-40916 (cve-2025-40916)   0%          live
Vulnerability  CVE-2025-50850 (cve-2025-50850)   0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Weak Authentication
  • CWE: Sensitive Cookie Without 'HttpOnly' Flag
  • CWE: Insufficiently Protected Credentials
  • CWE: Use of Single-factor Authentication
  • CWE: Improper Access Control
  • CWE: Weak Password Requirements

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.