Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack.
https://exchange.xforce.ibmcloud.com/vulnerabilities/34907
http://www.securityfocus.com/archive/1/471641/100/0/threaded
http://securityvulns.ru/Rdocument271.html