Insecure Randomness Affecting com.github.penggle:kaptcha package, versions [0,]
Attack Complexity: High
snyk-id: SNYK-JAVA-COMGITHUBPENGGLE-72734
published: 25 Dec 2018
disclosed: 19 Oct 2018
credit: FanjunMeng
Introduced: 19 Oct 2018
CVE-2018-18531
How to fix?
There is no fixed version for com.github.penggle:kaptcha.
Overview
com.github.penggle:kaptcha is a CAPTCHA library whose default output produces a Google-style CAPTCHA.
Affected versions of this package are vulnerable to Insecure Randomness. text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha use the java.util.Random class (rather than java.security.SecureRandom) for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.