Authentication flaw

2020-10-1616:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

36.0%

JSON

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

CPENameOperatorVersion
central_authentication_serviceeq6.3.0 rc1
central_authentication_serviceeq6.3.0 rc3
central_authentication_serviceeq6.3.0 rc2
central_authentication_servicege6.2.0
central_authentication_servicelt6.2.4
central_authentication_servicege5.3.0
central_authentication_servicelt5.3.16
central_authentication_servicege6.0.0
central_authentication_servicelt6.1.7.2

Name	Operator	Version
central_authentication_service	eq	6.3.0 rc1
central_authentication_service	eq	6.3.0 rc3
central_authentication_service	eq	6.3.0 rc2
central_authentication_service	ge	6.2.0
central_authentication_service	lt	6.2.4
central_authentication_service	ge	5.3.0
central_authentication_service	lt	5.3.16
central_authentication_service	ge	6.0.0
central_authentication_service	lt	6.1.7.2

References

apereo.github.io/2020/10/14/gauthvuln/

0.001 Low

EPSS

Percentile

36.0%

JSON

Related for PRION:CVE-2020-27178