BridgeDB Server uses insecure pseudorandom generator for selecting cached captcha
https://gitweb.torproject.org/bridgedb.git/tree/bridgedb/captcha.py#n389
From python documentation: The pseudo-random generators of this module (random) should not be used for security purposes.
It should use the secrets module secrets.choice() or if you plan to keep python2 compatibility random.SystemRandom.choice().
Trac:
Username: willbarr