Mojolicious::Plugin::CaptchaPNG Weak Random Number Generation Vulnerability

Vulnerability

A vulnerability exists in Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl, where a weak random number generator is used for creating captcha text and image noise. The plugin relies on Perl's built-in rand() function, a general-purpose pseudo-random number generator that is not a cryptographically secure source of randomness and so is unsuitable for generating captcha values. Because the output of rand() can be predicted, the effectiveness of the captcha mechanism is undermined.

Impact

If exploited, the predictability of the random number generation could allow captcha values to be anticipated, so captchas could be bypassed or manipulated.

Remediation

Users can upgrade to Mojolicious::Plugin::CaptchaPNG version 1.06 or later, which addresses this vulnerability by using Crypt::URandom for secure random number generation. Instructions for updating can be found on MetaCPAN.
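The following is an added illustration, not code from the plugin or from this advisory, of the weak pattern described above beside a hardened form built on Crypt::URandom, the module the fix adopted. The function names (weak_captcha_text, secure_int_below, secure_captcha_text) are chosen here; urandom() is the real exported function of Crypt::URandom.

```perl
use strict;
use warnings;
use Crypt::URandom qw(urandom);

# Weak pattern: rand() is a general-purpose PRNG with a small internal state.
# perldoc warns it is not cryptographically secure, so a party who observes
# enough captcha values can model its output. Shown only for comparison.
sub weak_captcha_text {
    my ($len) = @_;
    return join '', map { int(rand(10)) } 1 .. $len;
}

# Uniform integer in [0, $n) drawn from the OS CSPRNG via Crypt::URandom.
# Rejection sampling keeps the result unbiased: 2**32 is not a multiple of
# most $n, so a plain modulo would favour the low values.
sub secure_int_below {
    my ($n) = @_;
    die "range must be between 1 and 2**32" unless $n >= 1 && $n <= 0xFFFFFFFF;
    my $limit = 0xFFFFFFFF - (0xFFFFFFFF % $n);   # largest multiple of $n that fits
    while (1) {
        my $r = unpack 'N', urandom(4);           # 4 bytes -> unsigned 32-bit int
        return $r % $n if $r < $limit;            # otherwise redraw
    }
}

# Hardened captcha text: each digit comes from secure_int_below(10).
# The same helper can place image noise, e.g. secure_int_below($width).
sub secure_captcha_text {
    my ($len) = @_;
    return join '', map { secure_int_below(10) } 1 .. $len;
}

# Constructed usage: both produce 6-digit strings, but only the second
# is drawn from a source an observer cannot model.
print "weak:   ", weak_captcha_text(6),   "\n";
print "secure: ", secure_captcha_text(6), "\n";
```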

Added: Jun 16, 2025, 11:22 AM
Updated: Jun 16, 2025, 12:43 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.