Kaptcha · Kaptcha · CVE-2018-18531
**Name of the Vulnerable Software and Affected Versions**
kaptcha version 2.3.2
**Description**
The issue allows remote attackers to bypass intended access restrictions via a brute-force approach, because certain Java classes generate CAPTCHA values with the `Random` class instead of `SecureRandom`.
**Recommendations**
For kaptcha version 2.3.2, consider updating the `DefaultTextCreator.java`, `ChineseTextProducer.java`, and `FiveLetterFirstNameTextCreator.java` classes to use `SecureRandom` instead of `Random` for generating CAPTCHA values to prevent brute-force attacks.
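The substitution recommended above, shown as an added example that is not kaptcha's own source: the weak and hardened generators side by side, with the weak one reproduced from a known seed. The class name, method names, alphabet, length and seed are all assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

// Added illustration; every name here is hypothetical, not taken from kaptcha.
public class CaptchaTextExample {
    // Constructed alphabet and length for the example.
    private static final char[] ALPHABET =
            "abcdefghjkmnpqrstuvwxyz23456789".toCharArray();
    private static final int LENGTH = 5;

    // One shared instance: SecureRandom is thread-safe and seeds itself
    // from the operating system's entropy source.
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak pattern: java.util.Random is a 48-bit linear congruential
    // generator, so its whole output stream is determined by the seed.
    static String weakText(Random rand) {
        return pick(rand);
    }

    // Hardened pattern: same selection logic, cryptographically strong source.
    static String secureText() {
        return pick(SECURE);
    }

    // SecureRandom extends Random, so one helper serves both generators.
    // nextInt(bound) returns a uniformly distributed index in [0, bound).
    private static String pick(Random source) {
        StringBuilder sb = new StringBuilder(LENGTH);
        for (int i = 0; i < LENGTH; i++) {
            sb.append(ALPHABET[source.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 1234L; // constructed seed
        String first = weakText(new Random(seed));
        String second = weakText(new Random(seed));
        System.out.println("Random, same seed twice: " + first + " / " + second
                + " equal=" + first.equals(second));
        System.out.println("SecureRandom, two calls: " + secureText()
                + " / " + secureText());
    }
}
```

The same change applies wherever the three classes named above construct a `Random`: replace the instance with a `SecureRandom` and leave the character-selection logic as it is.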