3 matches found
CVE-2020-5206
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example...
CVE-2020-5206
Opencast prior to versions 7.6 and 8.1 was vulnerable to an authentication bypass: a fake remember-me token could be accepted as a valid login for a user (even if the token was incorrect) because the attacked endpoint allowed anonymous access. This could let an attacker impersonate a user, includ...
CVE-2020-5206 Authentication Bypass For Endpoints With Anonymous Access in OpenCast
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example...