Possible vulnerability in JCAPTCHA Audio

Description

JCaptcha always generates the same sound file. That is, for example, the number 3408, always gives a .wav sound file wich is exactly the same sound. So it is trivial so map all the entire range of posssible captcha sounds and thus the attacker does not need to "listen" the file, just a script that downloads the sound file, check it's hash and find what number is associated with that hash. So automated attacks to bypass the captcha are trivial...

Environment

Unknown

Assignee

Unassigned

Reporter

hugo vazquez

Labels

None

Fix versions

Affects versions

Priority

Critical
Configure