CVE-2025-65849

Published
View on NVD ↗
CVSS v3
9.1
CRITICAL
CVSS v2
N/A
Affected
2
PROJECTS

Description

A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. NOTE: this is disputed by the Supplier because the product's objective is "to discourage automated scraping / bots, not guarantee resistance to determined attackers." The documentation states “the goal is not to provide a secure cryptographic algorithm but to use a proof-of-work mechanism that allows any capable device to decrypt the hidden data.”

altcha-org/altcha
altcha-org/altcha
GDPR, WCAG 2.2 AA, and EAA compliant, self-hosted CAPTCHA alternative with PoW mechanism.
GitHubGitHub
2.41K
eternal-flame-AD/altcha-deobfs
eternal-flame-AD/altcha-deobfs
Constant time deobfuscation of text from Altcha's "Proof-of-Work" obfuscation scheme.
GitHubGitHub