Insufficient Verification of Data Authenticity
When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct. This issue affects github.com/mojocn/base64Captcha versions prior to 1.3.6.
CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.