Advisories ยป MGASA-2014-0167

Updated perl-Authen-Captcha package uses randomly generated filenames

Publication date: 09 Apr 2014
Type: security
Affected Mageia releases : 3 , 4

Description

An issue in previous versions of perl-Authen-Captcha is that the generated 
public string (file name of the picture) for the captcha is merely a 
checksum of the secret string. It is trivial to break such short strings 
even using google instead of a rainbow table.

This new version of perl-Authen-Captcha fixes the problem by producing a 
random filename for the captcha.
                

References

SRPMS

4/core

3/core