Google said that it had patched this week a security bug in reCaptcha which could have been exploited by attackers to bypass the anti-spam system.
Google’s reCaptcha is a Turing test-based that uses puzzles or logica cases to screen out bots. However, it is not foolproof and may also trust website visitors using cookies.
Security researcher Andres Riancho identified the flaw which he submitted to Google. Riancho said that Google merely said that reCaptcha was working as intended the first time he reported the bug, but eventually confirmed it and awarded him $500.