Apereo Central Authentication Service

9 matches found

CVE-2019-10754 (added 2019/09/23 11:15 p.m., 97 views)

Multiple classes within Apereo CAS before release 6.1.0-RC5 make use of Apache commons-lang3 RandomStringUtils for token and ID generation, which makes those tokens and IDs predictable because the PRNG behind RandomStringUtils is not cryptographically strong.

CVSS 8.1, AI score 8, EPSS 0.00422
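The weak-versus-hardened pattern behind CVE-2019-10754, as an added example (illustrative code written for this page, not CAS source): the convenience methods on commons-lang3 RandomStringUtils draw from a java.util.Random, a 48-bit linear congruential generator whose internal state can be recovered from a handful of observed outputs, so anything generated through them is guessable. The fix is to source randomness from java.security.SecureRandom, either directly or by passing a SecureRandom into the RandomStringUtils.random overload that accepts one. Assumes commons-lang3 on the classpath; the class and method names below are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

import org.apache.commons.lang3.RandomStringUtils;

/** Illustrative token generation: non-cryptographic PRNG versus SecureRandom. Not CAS code. */
public class TokenGeneration {

    // Weak: the no-Random overloads of RandomStringUtils use a shared java.util.Random
    // (an LCG), so an attacker who sees a few tokens can predict the next ones.
    static String weakToken(int length) {
        return RandomStringUtils.randomAlphanumeric(length);
    }

    // Same generator with an explicit seed, to make the determinism visible:
    // two java.util.Random instances with the same seed yield the same "token".
    static String weakTokenSeeded(int length, long seed) {
        Random rng = new Random(seed);
        // start=0,end=0 with letters/numbers=true selects the default alphanumeric range.
        return RandomStringUtils.random(length, 0, 0, true, true, null, rng);
    }

    // Hardened: raw bytes from SecureRandom, encoded URL-safe without padding.
    // 32 bytes gives 256 bits of entropy, far beyond what any online guessing could cover.
    static String strongToken(int numBytes) {
        byte[] buf = new byte[numBytes];
        new SecureRandom().nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // If the code must keep using commons-lang3, route it through SecureRandom explicitly
    // via the overload that accepts a java.util.Random (SecureRandom extends it).
    static String strongTokenViaCommons(int length) {
        return RandomStringUtils.random(length, 0, 0, true, true, null, new SecureRandom());
    }

    public static void main(String[] args) {
        System.out.println("weak token            : " + weakToken(32));
        System.out.println("same seed, same output: "
                + weakTokenSeeded(32, 42L).equals(weakTokenSeeded(32, 42L)));
        System.out.println("SecureRandom token    : " + strongToken(32));
        System.out.println("commons + SecureRandom: " + strongTokenViaCommons(32));
    }
}
```

When auditing code for this class of bug, grep for RandomStringUtils, java.util.Random and ThreadLocalRandom in anything that produces session identifiers, ticket IDs, reset tokens or nonces; only SecureRandom (or a library that is documented to use it) is acceptable there.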
CVE-2021-42567 (added 2021/12/07 10:15 p.m., 85 views)

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.

CVSS 6.1, AI score 5.8, EPSS 0.67957
CVE-2015-1169 (added 2015/02/10 8:59 p.m., 81 views)

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.

CVSS 7.5, AI score 7.3, EPSS 0.00607
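The filter-construction mistake that CVE-2015-1169 describes, and the RFC 4515 escaping that prevents it, as an added example (written for this page, not CAS code): if the submitted username is concatenated into an LDAP search filter, a value such as "*" turns a lookup for one account into a lookup that matches every account, and the wildcard-matched entry is then what gets bound with the supplied password. Escaping the five characters RFC 4515 reserves (backslash, asterisk, parentheses and NUL) as \xx hex sequences keeps the user's input a literal. Class and method names are hypothetical; the sample inputs are constructed.

```java
/** Illustrative LDAP filter escaping per RFC 4515. Not CAS code. */
public class LdapFilterEscape {

    // Escape every character that has filter-level meaning. RFC 4515 makes these
    // five mandatory; any other byte may also be written as \xx but need not be.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable pattern: user-controlled username dropped straight into the filter,
    // so "*" yields (uid=*), which matches every entry under the search base.
    static String vulnerableFilter(String username) {
        return "(uid=" + username + ")";
    }

    // Hardened pattern: the same filter with the value escaped first, so "*" becomes
    // (uid=\2a) and only an account literally named "*" could match.
    static String safeFilter(String username) {
        return "(uid=" + escapeFilterValue(username) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample usernames: a normal one, a bare wildcard, a prefix wildcard.
        String[] inputs = { "alice", "*", "ad*" };
        for (String in : inputs) {
            System.out.printf("%-8s vulnerable: %-12s safe: %s%n",
                    "'" + in + "'", vulnerableFilter(in), safeFilter(in));
        }
    }
}
```

Escaping is the second line of defence; the first is to never build filters from strings at all where the LDAP client supports parameterised filters (for example, JNDI's SearchControls with a filter template and a separate argument array), and to reject usernames that fail a strict allow-list before they reach the directory.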
CVE-2024-4399 (added 2024/05/23 6:15 a.m., 77 views)

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform an SSRF attack.

CVSS 9.1, AI score 9.2, EPSS 0.24466
CVE-2020-27178 (added 2020/10/16 4:15 p.m., 71 views)

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

CVSS 7.5, AI score 7.5, EPSS 0.00225
CVE-2024-11209 (added 2024/11/14 2:15 p.m., 52 views)

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the pub...

CVSS 9.8, AI score 6.7, EPSS 0.00161
CVE-2023-28857 (added 2023/06/27 6:15 p.m., 40 views)

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as "ssl_client_cert". When checking the validity o...

CVSS 7.5, AI score 6, EPSS 0.0026
CVE-2024-11208 (added 2024/11/14 2:15 p.m., 38 views)

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation...

CVSS 8.1, AI score 4.6, EPSS 0.00132
CVE-2023-4612 (added 2023/11/09 2:15 p.m., 29 views)

Improper Authentication vulnerability in Apereo CAS in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there i...

CVSS 9.8, AI score 9.6, EPSS 0.00044