CNNVD-202512-3120 Information
CNNVD ID
CNNVD-202512-3120
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
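ALTCHA is a self-hosted CAPTCHA software open-sourced by ALTCHA. ALTCHA contains a data forgery vulnerability, which stems from the HMAC signature not being explicitly bound to the challenge parameters and may lead to replay attacks.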
Description (English)
ALTCHA is an open-source, self-hosted CAPTCHA software from ALTCHA. ALTCHA has a data forgery vulnerability: the HMAC signature did not explicitly bind the challenge parameters, which could lead to replay attacks.
Hazard Level
High
Vulnerability Type
Data forgery issue
Affected Vendor
ALTCHA
Published
2025-12-16
Last Modified
2026-02-24
References
https://github.com/altcha-org/altcha-lib-ex/commit/09b2bad466ad0338a5b24245380950ea9918333e
https://github.com/altcha-org/altcha-lib-go/commit/4a5610745ef79895a67bac858b2e4f291c2614b8
https://github.com/altcha-org/altcha-lib-java/commit/69277651fdd6418ae10bf3a088901506f9c62114
https://github.com/altcha-org/altcha-lib-java/releases/tag/v1.3.0
https://github.com/altcha-org/altcha-lib-php/commit/9e9e70c864a9db960d071c77c778be0c9ff1a4d0
https://github.com/altcha-org/altcha-lib-php/releases/tag/v1.3.1
https://github.com/altcha-org/altcha-lib-rb/commit/4fd7b64cbbfc713f3ca4e066c2dd466e3b8d359b
https://github.com/altcha-org/altcha-lib/commit/cb95d83a8d08e273b6be15e48988e7eaf60d5c08
https://github.com/altcha-org/altcha-lib/releases/tag/1.4.1
https://github.com/altcha-org/altcha-lib/security/advisories/GHSA-6gvq-jcmp-8959