Advisories for Pypi/Flask-Session-Captcha package

2022

Potential Captcha Validate Bypass in flask-session-captcha

flask-session-captcha is a package that lets users extend Flask with an image-based captcha stored in a server-side session. The captcha.validate() function would return None if passed no value (e.g. by submitting a request with an empty form). If applications using the package checked whether the return value was equal to False, the captcha verification check could be bypassed. Sample vulnerable code:

    if captcha.validate() == False:
        ...  # abort
    else:
        ...
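The comparison pitfall described above, shown next to a fail-closed check. This is an added example, not code from the advisory or from flask-session-captcha: StubCaptcha, its value parameter, the two handler functions and the sample inputs are constructed stand-ins that only reproduce the "returns None when no value is passed" behaviour.

```python
class StubCaptcha:
    """Constructed stand-in, not the package's class. It mimics the behaviour
    the advisory describes: validate() returns None when no value is given."""

    def __init__(self, expected):
        self.expected = expected  # answer that would live in the server-side session

    def validate(self, value=None):
        if not value:
            return None  # the behaviour the advisory describes for empty input
        return value == self.expected


def vulnerable_handler(captcha, submitted):
    # Pattern from the advisory: only an exact False rejects the request.
    # None == False evaluates to False, so an empty submission is not rejected.
    if captcha.validate(value=submitted) == False:  # noqa: E712
        return "rejected"
    return "accepted"


def hardened_handler(captcha, submitted):
    # Fail closed: anything other than an explicit True is a rejection,
    # so None, False and any unexpected return value are all refused.
    if captcha.validate(value=submitted) is not True:
        return "rejected"
    return "accepted"


def run_cases():
    """Run both handlers over constructed inputs and return their outcomes."""
    captcha = StubCaptcha(expected="4821")
    cases = {"correct": "4821", "wrong": "0000", "empty": "", "missing": None}
    return {
        name: (vulnerable_handler(captcha, value), hardened_handler(captcha, value))
        for name, value in cases.items()
    }


if __name__ == "__main__":
    for name, (vulnerable, hardened) in run_cases().items():
        print(f"{name:8} vulnerable={vulnerable:9} hardened={hardened}")
```

The two handlers disagree only on the empty and missing submissions, which is the input the advisory identifies.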