Authentication flaw

2023-11-0914:15:00

PRIOn knowledge base

www.prio-n.com

improper authentication

vulnerability

apereo cas

httpservletrequest

multi-factor authentication bypass

security issue

patch

vendor

nvd

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.1%

JSON

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.

CPENameOperatorVersion
central_authentication_serviceeq7.0.0 rc2
central_authentication_serviceeq7.0.0 rc3
central_authentication_serviceeq7.0.0 rc4
central_authentication_serviceeq7.0.0 rc5
central_authentication_serviceeq7.0.0 rc6
central_authentication_serviceeq7.0.0 rc7
central_authentication_servicelt7.0.0
central_authentication_serviceeq7.0.0 rc1

Name	Operator	Version
central_authentication_service	eq	7.0.0 rc2
central_authentication_service	eq	7.0.0 rc3
central_authentication_service	eq	7.0.0 rc4
central_authentication_service	eq	7.0.0 rc5
central_authentication_service	eq	7.0.0 rc6
central_authentication_service	eq	7.0.0 rc7
central_authentication_service	lt	7.0.0
central_authentication_service	eq	7.0.0 rc1