Description

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.

Remediation

References

CVE-2021-29047

Related Vulnerabilities

Oracle JRE CVE-2018-2798 Vulnerability (CVE-2018-2798)

Moodle CVE-2011-4291 Vulnerability (CVE-2011-4291)

WordPress Plugin SEO Rank Reporter Cross-Site Scripting (2.2.2)

WordPress Plugin SpiderCatalog Unspecified Vulnerability (1.6.8)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-19709)

Severity

High

Classification

CVE-2021-29047 CWE-287

Tags

Missing Update Known Vulnerabilities