VYPR
Critical severity · NVD Advisory · Published Mar 21, 2023 · Updated Feb 27, 2025

Authentication Bypass by Capture-replay in answerdev/answer

CVE-2023-1537

Description

Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2023-1537 is a CAPTCHA replay vulnerability in Answer prior to 1.0.6, allowing authentication bypass by reusing a captured CAPTCHA response.

Vulnerability

Overview

CVE-2023-1537 is an authentication bypass vulnerability in the Answer Q&A platform (formerly answerdev/answer), affecting versions prior to 1.0.6. The flaw is a capture-replay attack on the CAPTCHA mechanism: the platform failed to invalidate a CAPTCHA token after successful verification, allowing an attacker to reuse the same CAPTCHA response multiple times without solving new challenges [1][3].

Exploitation

Details

No authentication is required to trigger the vulnerability; any unauthenticated user with network access to an affected Answer instance can exploit it. The attack involves eavesdropping on a legitimate CAPTCHA exchange (e.g., during login or registration) to capture a valid CAPTCHA string and its corresponding key. The attacker can then replay this captured pair in subsequent requests to bypass the CAPTCHA check, effectively defeating the anti-automation control [4].

Impact

Successful exploitation allows an attacker to bypass the CAPTCHA-based authentication or action verification, potentially enabling automated account creation, brute-force login attempts, or spam submissions. Since the CAPTCHA is intended to distinguish human users from automated scripts, its replay undermines the platform's security posture against automated attacks [1][4].

Mitigation

The vulnerability was fixed in version 1.0.6 of Answer. The patch adds a DelCaptcha call in the VerifyCaptcha function, deleting the CAPTCHA record from the store immediately after a successful verification, preventing future replays of the same token [3]. Users of earlier versions should upgrade to 1.0.6 or later. No known workarounds have been published.
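The following Go program is an added illustration of the fix described above; it is not code from the Answer project. It uses a constructed in-memory store (memCaptchaStore) in place of the project's cache-backed repository and places a replayable verifier, shaped like the pre-1.0.6 logic, next to a one-time verifier that deletes the record before comparing, so the same captured (key, captcha) pair can be resent to both and the number of accepted attempts compared. The store, keys and challenge values are all constructed sample data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// memCaptchaStore is a constructed in-memory stand-in for a cache-backed
// captcha repository, keyed by the captcha key handed to the client.
type memCaptchaStore struct {
	mu    sync.Mutex
	items map[string]string
}

func newMemCaptchaStore() *memCaptchaStore {
	return &memCaptchaStore{items: map[string]string{}}
}

func (s *memCaptchaStore) SetCaptcha(ctx context.Context, key, captcha string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.items[key] = captcha
	return nil
}

func (s *memCaptchaStore) GetCaptcha(ctx context.Context, key string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	v, ok := s.items[key]
	if !ok {
		return "", errors.New("captcha not found")
	}
	return v, nil
}

func (s *memCaptchaStore) DelCaptcha(ctx context.Context, key string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.items, key)
	return nil
}

// verifyReplayable mirrors the pre-fix shape: the record is never removed,
// so a captured (key, captcha) pair verifies as often as it is resent.
func verifyReplayable(ctx context.Context, store *memCaptchaStore, key, captcha string) bool {
	stored, err := store.GetCaptcha(ctx, key)
	if err != nil {
		return false
	}
	return strings.TrimSpace(captcha) == stored
}

// verifyOneTime mirrors the 1.0.6 fix: the record is deleted before the
// comparison, so a key verifies at most once whether or not the answer is right.
func verifyOneTime(ctx context.Context, store *memCaptchaStore, key, captcha string) (bool, error) {
	stored, err := store.GetCaptcha(ctx, key)
	if err != nil {
		return false, nil // unknown or already-consumed key: treat as a wrong answer
	}
	if err := store.DelCaptcha(ctx, key); err != nil {
		// A record that could not be deleted would remain replayable, so the
		// failure is surfaced to the caller rather than swallowed.
		return false, err
	}
	return strings.TrimSpace(captcha) == stored, nil
}

// replayOutcome resends the same captured pair n times to each verifier and
// returns how many attempts each one accepted.
func replayOutcome(n int) (replayable, oneTime int) {
	ctx := context.Background()
	store := newMemCaptchaStore()
	_ = store.SetCaptcha(ctx, "k1", "7x3q") // constructed sample challenge
	_ = store.SetCaptcha(ctx, "k2", "7x3q")
	for i := 0; i < n; i++ {
		if verifyReplayable(ctx, store, "k1", " 7x3q ") {
			replayable++
		}
		if ok, _ := verifyOneTime(ctx, store, "k2", " 7x3q "); ok {
			oneTime++
		}
	}
	return replayable, oneTime
}

func main() {
	r, o := replayOutcome(5)
	fmt.Printf("replayable verifier accepted %d/5, one-time verifier accepted %d/5\n", r, o)
}
```

Deleting before comparing, as the upstream patch does, means a wrong guess also consumes the key, so a captured key cannot be used to brute-force the challenge text either; the trade-off is that a legitimate user who mistypes must request a fresh challenge.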

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/answerdev/answer (Go)
Affected versions: < 1.0.6
Patched versions: 1.0.6

Affected products

2

Patches

1
813ad0b98946

update VerifyCaptcha

https://github.com/answerdev/answer · aichy126 · Feb 24, 2023 · via ghsa
2 files changed · +15 −0
  • internal/repo/captcha/captcha.go · +8 −0 · modified
    @@ -68,3 +68,11 @@ func (cr *captchaRepo) GetCaptcha(ctx context.Context, key string) (captcha stri
     	}
     	return captcha, nil
     }
    +
    +func (cr *captchaRepo) DelCaptcha(ctx context.Context, key string) (err error) {
    +	err = cr.data.Cache.Del(ctx, key)
    +	if err != nil {
    +		log.Debug(err)
    +	}
    +	return nil
    +}
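Review bot: `DelCaptcha` never reports failure: the error from `cr.data.Cache.Del` is logged at debug level only and the function unconditionally returns `nil`, so a cache-layer failure leaves the record in place while the caller is told it was removed. Return the error (`return err` in place of `return nil`), or at minimum log it at error level, so `VerifyCaptcha` can refuse to accept an answer whose record is still replayable.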
    
  • internal/service/action/captcha_service.go · +7 −0 · modified
    @@ -16,6 +16,7 @@ import (
     type CaptchaRepo interface {
     	SetCaptcha(ctx context.Context, key, captcha string) (err error)
     	GetCaptcha(ctx context.Context, key string) (captcha string, err error)
    +	DelCaptcha(ctx context.Context, key string) (err error)
     	SetActionType(ctx context.Context, ip, actionType string, amount int) (err error)
     	GetActionType(ctx context.Context, ip, actionType string) (amount int, err error)
     	DelActionType(ctx context.Context, ip, actionType string) (err error)
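Review bot: the new `DelCaptcha` method on `CaptchaRepo` carries no doc comment stating its contract (that the record for `key` is removed, and what is returned when the key is absent or the delete fails). Because `VerifyCaptcha` now depends on this method to make every key single-use, spell that out here so any other implementation of the interface preserves the one-time semantics.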
    @@ -143,6 +144,12 @@ func (cs *CaptchaService) GenerateCaptcha(ctx context.Context) (key, captchaBase
     func (cs *CaptchaService) VerifyCaptcha(ctx context.Context, key, captcha string) (isCorrect bool, err error) {
     	realCaptcha, err := cs.captchaRepo.GetCaptcha(ctx, key)
     	if err != nil {
    +		log.Error("VerifyCaptcha GetCaptcha Error", err.Error())
    +		return false, nil
    +	}
    +	err = cs.captchaRepo.DelCaptcha(ctx, key)
    +	if err != nil {
    +		log.Error("VerifyCaptcha DelCaptcha Error", err.Error())
     		return false, nil
     	}
     	return strings.TrimSpace(captcha) == realCaptcha, nil
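Review bot: the `DelCaptcha` error branch in `VerifyCaptcha` is unreachable with the repository implementation in this same patch, which always returns `nil`; if the cache delete actually fails, execution falls through to `return strings.TrimSpace(captcha) == realCaptcha, nil` and the undeleted record stays replayable. Either have the repo return the delete error or treat a failed delete as a verification failure. Calling `DelCaptcha` before the comparison is the right order, since every attempt, right or wrong, consumes the key. The `GetCaptcha` error path now logs at error level but still returns `false, nil`, so callers cannot tell an infrastructure failure from a wrong answer; consider propagating `err` there.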
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.