Predictable CAPTCHA Generation in GD::SecurityImage by Perl
CVE-2026-13082
Currently unrated
What is CVE-2026-13082?
Versions of GD::SecurityImage up to 1.75 for Perl utilize the built-in rand function to create challenge text for CAPTCHA, generating a six-character string. This approach is inherently insecure, as it offers predictability and reversibility, making it susceptible to abuse in security contexts. The randomness employed does not meet the standards required for effective security applications, thereby undermining the integrity of the CAPTCHA mechanism.
Affected Version(s)
GD::SecurityImage 0 <= 1.75
