11 matches found
SUSE CVE-2025-68113
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...
CVE-2025-68113
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...
EUVD-2025-203484
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...
CVE-2025-68113 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...
CVE-2025-68113 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...
Improper Verification of Cryptographic Signature
Overview altcha-lib is an A library for creating and verifying ALTCHA challenges for Node.js, Bun and Deno. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse...
Improper Verification of Cryptographic Signature
Overview altcha is an A lightweight library for creating and verifying ALTCHA challenges. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved...
PT-2025-51359
Name of the Vulnerable Software and Affected Versions ALTCHA versions prior to 1.0.0 Golang package ALTCHA versions prior to 1.0.0 Rubygem package ALTCHA versions prior to 1.0.0 pip package ALTCHA versions prior to 1.0.0 Erlang package ALTCHA versions prior to 1.4.1 altcha-lib npm package ALTCHA...