Description
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1316083
Technical Description, Third Party Advisory x_refsource_misc
https://patrick.uiterwijk.org/2016/03/09/fedora-spam-dwf-2016-89000/
Scores
CVSS v3
7.5
EPSS
0.0033
EPSS Percentile
56.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-284
Status
published
Products (1)
python/tgcaptcha2
0.3.0
Published
Oct 25, 2016
Tracked Since
Feb 18, 2026