Description
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2080)
Oracle Database Server Other Vulnerability (CVE-2002-0840)
Lighttpd Other Vulnerability (CVE-2007-3947)
Lighttpd Integer Overflow or Wraparound Vulnerability (CVE-2019-11072)
WordPress Plugin Delightful Downloads Directory Traversal (1.6.6)