CVE request: CAPTCHA bypass in MantisBT

[Damien Regad <dregad () mantisbt org>]

Greetings,

Please assign a CVE ID for the following issue


Description:

An attacker can get an unlimited amount of CAPTCHA "samples" with 
different perturbations for the same challenge, which makes the whole 
captcha utterly useless and very easy to bypass.


Affected versions:
<= 1.2.19

Fixed in versions:
1.2.19 (not yet released)

Patch:
See Github [1]

Credit:
This vulnerability was reported [2] by Florent Daigniere from Matta 
Consulting.
The issue was fixed by Damien Regad (MantisBT Developer).

References:
Further details available in our issue tracker [2]

[1] https://github.com/mantisbt/mantisbt/commit/39a92726
[2] https://www.mantisbt.org/bugs/view.php?id=17984