Use of Insufficiently Random Values
kaptcha use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.
Advisories for Maven/Com.github.penggle/Kaptcha package
2018