2 matches found
GHSA-8Q89-PWHH-7WFQ Use of Insufficiently Random Values in penggle:kaptcha
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...
kaptcha access bypass vulnerability
kaptcha is a CAPTCHA generation tool based on SimpleCaptcha. A security vulnerability exists in several files in kaptcha version 2.3.2, which stems from the program's use of the 'Random' function instead of the 'SecureRandom' function to create CAPTCHA values. This vulnerability can be exploited ...