4 matches found
CVE-2020-27178
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...
org.apereo.cas:cas-server-support-gauth (>=6.2.0 <=6.2.3), org.apereo.cas:cas-server-support-gauth-core (>=6.2.0 <=6.2.3) +9 more potentially affected by CVE-2020-27178 via org.apereo.cas:cas-server-support-otp-mfa-core (>=6.2.0 <=6.2.3)
org.apereo.cas:cas-server-support-otp-mfa-core MAVEN version =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.3 Source cves: CVE-2020-27178 Source advisory: OSV:GHSA-Q39C-5VH5-VW2P...
CVE-2020-27178
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...
CVE-2020-27178
CVE-2020-27178 affects Apereo CAS in multiple lines: 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4. The root cause is mishandling of secret keys used for Google Authenticator-based multifactor authentication. This can lead to improper handling of MFA secr...