Advisories » MGASA-2014-0167

Updated perl-Authen-Captcha package uses randomly generated filenames

Publication date: 09 Apr 2014
Modification date: 09 Apr 2014
Type: security
Affected Mageia releases : 3 , 4

Description

An issue in previous versions of perl-Authen-Captcha is that the generated 
public string (file name of the picture) for the captcha is merely a 
checksum of the secret string. It is trivial to break such short strings 
even using google instead of a rainbow table.

This new version of perl-Authen-Captcha fixes the problem by producing a 
random filename for the captcha.
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131155.html
• https://bugs.mageia.org/show_bug.cgi?id=13165

SRPMS

3/core

• perl-Authen-Captcha-1.24.0-1.mga3

4/core

• perl-Authen-Captcha-1.24.0-1.mga4