2 matches found
CVE-2022-35248
A improper authentication vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login...
CVE-2022-35248
Rocket.Chat contains an improper authentication vulnerability (CVE-2022-35248) where enabling CAS during login allows bypass of TOTP 2FA. Affected versions are <5, <4.8.2, and