pybbs <=6.0.0 CAPTCHA reuse Vulnerabilityinfo

Title	atjiu https://github.com/atjiu/pybbs <=6.0.0 CAPTCHA reuse Vulnerability
Description	In the latest v6.0.0 version, the verification codes at the frontend login and registration functions do not automatically refresh, making them reusable. At the registration function, already registered usernames will display "Username already exists," which allows for username brute-forcing. After obtaining the username, one can proceed to the login function to continue brute-forcing the corresponding password.
Source	⚠️ https://github.com/atjiu/pybbs/issues/199
User	ZAST.AI (UID 87884)
Submission	07/25/2025 03:29 (11 months ago)
Moderation	08/04/2025 15:05 (10 days later)
Status	Accepted
VulDB entry	318675 [atjiu pybbs up to 6.0.0 Verification Code adminlogin/login Captcha]
Points	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!