This is a great crypto issue that I think anyone could hunt for, it has to do with seeding of random number generators. Generally speaking in many systems if you know the seed you can break/predict the values that will come from the random number generator. This can actually be a somewhat useful feature as it allows repeatability of “random” events just by using the same seed.

In this case you have two systems that both depend on some randomness. First you have the password reset system, which generates a random token that is sent to the user so they can reset their password. The other system is the captcha system which uses it to generate a randomized image to be the captcha. The way the captcha’s image generator worked is it would take in a key value that was used to seed the random number generator. This was so requests for the same image with the same key would get in-fact get the same random image each time.

The problem is with this two systems existing together, one could use the /image/<key> endpoint to set the random number generators seed, and then go through the password reset flow. As the seed had just been reset, the verification code generated will be the same each time they reset the seed.