The following key information about the vulnerability can be read from this web page screenshot:

Submission ID: #596481

Title: xxyopen novel-plus 5.1.3 Improper Restriction of Excessive Authentication Attempts

Description:
- The ajaxLogin method in the authentication module is vulnerable to a Captcha Replay Attack.
- The application correctly validates the user-submitted captcha against the one stored in the session but fails to invalidate or remove the captcha after its first use.
- This allows an attacker to reuse a single valid captcha indefinitely to perform automated brute-force dictionary attacks against user passwords, completely bypassing the anti-automation security control.

Source: https://blog.0x00.cn/flag/captcha-replay-attack-lead-to-brute-force-protection-bypass

User: mayfly (UID 8523)

Submitted: 8/25/2022 9:2 AM (27 days ago)

Moderation status: Pending (since 8/25/2022 4:37 PM)

Status: Green (indicating that it has passed initial review)

VulDB entry: [xxyopen/2012000000 novel-plus up is 3 1:3 CAPTCHA LoginController.java ajaxLogin authentication replay]

Points: 20

Together these fields give the vulnerability's detailed description, its source, its submitter and its current status.
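The flaw in the description, a captcha that is compared but never removed from the session, is shown below next to a single-use check. This is an added example, not code from novel-plus or from the submission; the `Map` standing in for the HTTP session, the `captcha` attribute name and the method names are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class CaptchaSingleUse {
    // Hypothetical session attribute name; the Map stands in for the HTTP session.
    static final String KEY = "captcha";

    // Pattern described in the submission: the submitted value is compared with
    // the stored one, but the stored value stays in the session afterwards.
    static boolean checkReusable(Map<String, Object> session, String submitted) {
        Object expected = session.get(KEY);
        return expected != null && expected.toString().equalsIgnoreCase(submitted);
    }

    // Hardened pattern: remove the stored value before comparing, so every
    // attempt (correct or not) consumes it and a new captcha must be issued.
    static boolean checkSingleUse(Map<String, Object> session, String submitted) {
        Object expected = session.remove(KEY);
        return expected != null && submitted != null
                && expected.toString().equalsIgnoreCase(submitted);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();

        session.put(KEY, "a7Kq"); // constructed sample value
        System.out.println("reusable, 1st use:   " + checkReusable(session, "a7Kq"));
        System.out.println("reusable, 2nd use:   " + checkReusable(session, "a7Kq"));

        session.put(KEY, "a7Kq");
        System.out.println("single-use, 1st use: " + checkSingleUse(session, "a7Kq"));
        System.out.println("single-use, 2nd use: " + checkSingleUse(session, "a7Kq"));

        // A wrong guess also consumes the stored captcha.
        session.put(KEY, "a7Kq");
        checkSingleUse(session, "wrong");
        System.out.println("after a wrong guess: " + checkSingleUse(session, "a7Kq"));
    }
}
```

Consuming the captcha on failed attempts as well as successful ones matters: if only a correct match removed it, one session value could still be guessed against repeatedly. Per-account and per-source attempt limits remain a separate control that a captcha does not replace.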