auth code below. Treat this as if it were a CAPTCHA, SMS MFA code, or E-Mail MFA code.
What's a CAPTCHA? It's a "Completely Automated Turing test for telling Computers and Humans Apart!" Whew! That's a mouthful.
Fortunate for you, this CAPTCHA is in plain text directly in the document. This sort of anti-bot logic would be the kind implemented by somebody who wants their users to have the annoyance of a CAPTCHA, without any of the benefit!
This should be pretty easy to bypass, the form uses id="captcha", so grabbing it via DOM, or parsing the XML of the document (should you enjoy that type of misery) is all you'd need to do.