Description
The SimpleCaptcha implementation in Liferay Portal 7.3.4 and 7.3.5 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
Severity
Severity 2
Fixed Version(s)
Acknowledgments
This issue was reported by Mikael Andersson
Publication date: Mon, 10 May 2021 16:00:00 +0000