Insufficient Anti-Automation in Directus 7 API (CVE-2021-12345)

Insufficient Anti-Automation in Directus 7 API (CVE-2021-12345)

CVE-2019-13983 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.

Learn more about our Api Penetration Testing.