Tamasd

**Name of the Vulnerable Software and Affected Versions** Drupal CAPTCHA versions 0.0.0 through 1.16.9 Drupal CAPTCHA versions 2.0.0 through 2.0.9 **Description** A functionality bypass exists in Drupal CAPTCHA due to insufficient invalidation of security tokens. An attacker may bypass the CAPTCHA on subsequent submissions if they first successfully solve at least one CAPTCHA manually to obtain valid tokens. **Recommendations** Update Drupal CAPTCHA to version 1.17.0 or later. Update Drupal CAPTCHA to version 2.0.10 or later.