Gd
Monthly
CAPTCHA bypass in GD::SecurityImage through version 1.75 for Perl stems from use of Perl's non-cryptographic rand() function to generate challenge text, making CAPTCHA tokens predictable and reversible by an unauthenticated network attacker. Any Perl web application relying on this library for bot protection is exposed to automated CAPTCHA solving, undermining form submission rate-limiting, account registration guards, and similar defenses. No public exploit code or active exploitation is identified at time of analysis, but the low attack complexity and the clear exploit path make this a practical integrity risk for deployed instances.
CAPTCHA bypass in GD::SecurityImage through version 1.75 for Perl stems from use of Perl's non-cryptographic rand() function to generate challenge text, making CAPTCHA tokens predictable and reversible by an unauthenticated network attacker. Any Perl web application relying on this library for bot protection is exposed to automated CAPTCHA solving, undermining form submission rate-limiting, account registration guards, and similar defenses. No public exploit code or active exploitation is identified at time of analysis, but the low attack complexity and the clear exploit path make this a practical integrity risk for deployed instances.