CVE-2025-65849
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-11
Assigner: MITRE
Description
Description
A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. NOTE: this is disputed by the Supplier because the product's objective is "to discourage automated scraping / bots, not guarantee resistance to determined attackers." The documentation states βthe goal is not to provide a secure cryptographic algorithm but to use a proof-of-work mechanism that allows any capable device to decrypt the hidden data.β
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| altcha | altcha | 0.8.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cryptanalytic break in the Altcha Proof-of-Work obfuscation mode version 0.8.0 and later. It allows remote visitors to recover the Proof-of-Work nonce in constant time using mathematical deduction.
How can this vulnerability impact me? :
The vulnerability allows an attacker to recover the Proof-of-Work nonce remotely and quickly, which could undermine the security assumptions of the Proof-of-Work mechanism, potentially enabling attacks that rely on nonce secrecy or integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70