Vulnerabilities (CVE)

Filtered by vendor Kaptcha Project Subscribe
Filtered by product Kaptcha
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18531 1 Kaptcha Project 1 Kaptcha 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.