CVE-2021-29047 SimpleCaptcha answer reuse

Description

The SimpleCaptcha implementation in Liferay Portal 7.3.4 and 7.3.5 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.

Severity

Severity 2

Fixed Version(s)

Acknowledgments

This issue was reported by Mikael Andersson

Publication date: Mon, 10 May 2021 16:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.