CVE-2023-45292

Summary

When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.

Affected Software

VendorProductVersion RangeStatus
github.com/mojocn/base64Captchagithub.com/mojocn/base64Captcha0 < 1.3.6affected

Weaknesses

  • CWE-305: Authentication Bypass by Primary Weakness

ADP Enrichment

CVE Program Container

Additional References

References