in lc.captchas.checkAnswer, the first word is a known word and the second word is an unknown word. The known word input must be correct for the captcha to be solved, and if it is, then the unknown word input is added to the unknown answers list. Once an unknown answer has been given 3 times AND is more than 90% of the total unknown answers for the file, it is added to the known word list.
Because the second word is always the unknown word, if a bad actor was to repeatedly request and answer captchas, they may end up solving the same captcha the first three times it is used. In this case, they could give the same irrelevant word as their unknown word input all 3 times (e.g. "hwaxvozaoo"), and it would be accepted as a known word.
In this case, future users would be given the word "hwaxvozaoo" as the expected answer to the known word input, and would not be able to solve the captcha. This captcha would be unsolvable for any user who was shown this captcha.
I can think of a way to mitigate this, but there may be better options for solving this: Record the number of succeeded and failed attempts of each known word per image. Known words with a high number and proportion of failed attempts should be removed from the known words list
in
lc.captchas.checkAnswer, the first word is a known word and the second word is an unknown word. The known word input must be correct for the captcha to be solved, and if it is, then the unknown word input is added to the unknown answers list. Once an unknown answer has been given 3 times AND is more than 90% of the total unknown answers for the file, it is added to the known word list.Because the second word is always the unknown word, if a bad actor was to repeatedly request and answer captchas, they may end up solving the same captcha the first three times it is used. In this case, they could give the same irrelevant word as their unknown word input all 3 times (e.g. "hwaxvozaoo"), and it would be accepted as a known word.
In this case, future users would be given the word "hwaxvozaoo" as the expected answer to the known word input, and would not be able to solve the captcha. This captcha would be unsolvable for any user who was shown this captcha.
I can think of a way to mitigate this, but there may be better options for solving this: Record the number of succeeded and failed attempts of each known word per image. Known words with a high number and proportion of failed attempts should be removed from the known words list