1 more CAPTCHA implementation vulnerability
In some web apps, the captcha validation is performed only if the captchaAnswer is not null; if the captchaAnswer is null, the validation is skipped entirely. There is also no logic elsewhere to ensure that captchaAnswer cannot be null. This means the captcha validation can be very easily bypassed: the hacker simply avoids submitting the CAPTCHA answer.
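The flawed check beside a fail-closed version, as an added example that is not code from any particular application. Only `captchaAnswer` comes from the text above; `parseForm`, `validateFlawed`, `validateFixed`, `session.expectedCaptcha` and the request bodies are hypothetical names and constructed sample data.

```javascript
// Added example. Only captchaAnswer comes from the page; other names are hypothetical.

// Parse a form-encoded body. URLSearchParams.get() returns null for an absent
// field, which is exactly the case the flawed check never handles.
function parseForm(body) {
  const params = new URLSearchParams(body);
  return { user: params.get("user"), captchaAnswer: params.get("captchaAnswer") };
}

// Flawed: the comparison runs only when captchaAnswer is not null.
function validateFlawed(form, session) {
  if (form.captchaAnswer !== null) {
    if (form.captchaAnswer !== session.expectedCaptcha) {
      return { ok: false, reason: "wrong captcha" };
    }
  }
  return { ok: true, reason: "accepted" }; // also reached when the field is absent
}

// Corrected: fail closed. A missing challenge or a missing answer is a rejection.
function validateFixed(form, session) {
  const expected = session.expectedCaptcha;
  if (typeof expected !== "string" || expected === "") {
    return { ok: false, reason: "no challenge issued" };
  }
  if (typeof form.captchaAnswer !== "string" || form.captchaAnswer === "") {
    return { ok: false, reason: "captcha answer missing" };
  }
  if (form.captchaAnswer !== expected) {
    return { ok: false, reason: "wrong captcha" };
  }
  return { ok: true, reason: "accepted" };
}

// Constructed sample data: server-side expected answer and three request bodies.
const session = { expectedCaptcha: "x7k2p" };
const bodies = [
  "user=alice&captchaAnswer=x7k2p", // correct answer
  "user=alice&captchaAnswer=nope",  // wrong answer
  "user=alice",                     // captchaAnswer omitted
];

function runAll() {
  return bodies.map((body) => {
    const form = parseForm(body);
    return { body, flawed: validateFlawed(form, session).ok, fixed: validateFixed(form, session).ok };
  });
}
console.table(runAll());
```

The two validators disagree only on the third request, which is the one a regression test for this bug should cover.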