Altcha Proof-of-Work obfuscation mode cryptanalytic break

Description

A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction.

Recommendation

No fix is available yet. Followings are affected versions:

• >= 0.8.0, <= 2.2.4

References

• GHSA-mpmc-qchh-r9q8
• altcha.org
• CVE-2025-65849
• CWE-327
• CAPEC-310
• OWASP 2021-A2
• OWASP 2021-A6

Related Issues

• ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay - CVE-2025-68113
• Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter - vega - CVE-2025-26619
• Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter - CVE-2025-26619
• Nuxt DevTools vulnerable to cross-site scripting (XSS) - CVE-2025-52662

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

altcha