Skip to content

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Moderate severity GitHub Reviewed Published Dec 14, 2025 in altcha-org/altcha-lib • Updated Dec 20, 2025

Package

bundler altcha (RubyGems)

Affected versions

< 1.0.0

Patched versions

1.0.0
pip altcha (pip)
< 1.0.0
1.0.0
erlang altcha (Erlang)
< 1.0.0
1.0.0
npm altcha-lib (npm)
< 1.4.1
1.4.1
composer altcha-org/altcha (Composer)
< 1.3.1
1.3.1
gomod github.com/altcha-org/altcha-lib-go (Go)
< 1.0.0
1.0.0
maven org.altcha:altcha (Maven)
< 1.3.0
1.3.0

Description

Impact

A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modified expiration value. This may allow previously solved challenges to be reused beyond their intended lifetime, depending on server-side replay handling and deployment assumptions.

The vulnerability primarily impacts abuse-prevention mechanisms such as rate limiting and bot mitigation. It does not directly affect data confidentiality or integrity.

Patches

This issue has been addressed by enforcing explicit semantic separation between challenge parameters and the nonce during HMAC computation.

Users are advised to upgrade to patched versions.

Workarounds

As a mitigation, implementations may append a delimiter to the end of the salt value prior to HMAC computation (for example, <salt>?expires=<time>&). This prevents ambiguity between parameters and the nonce and is backward-compatible with existing implementations, as the delimiter is treated as a standard URL parameter separator.

References

@ovx ovx published to altcha-org/altcha-lib Dec 14, 2025
Published to the GitHub Advisory Database Dec 16, 2025
Reviewed Dec 16, 2025
Published by the National Vulnerability Database Dec 16, 2025
Last updated Dec 20, 2025

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(14th percentile)

Weaknesses

Misinterpretation of Input

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion. Learn more on MITRE.

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data. Learn more on MITRE.

CVE ID

CVE-2025-68113

GHSA ID

GHSA-6gvq-jcmp-8959

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.