Central Authentication Service Security Vulnerabilities and Issues — Central Authentication Service CVE List

Lucene search

ApereoCentral Authentication Service

3 matches found

CVE•added 2015/02/10 8:59 p.m.•81 views

CVE-2015-1169

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.

7.5CVSS7.3AI score0.00607EPSS

CVE•added 2020/10/16 4:15 p.m.•72 views

CVE-2020-27178

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

7.5CVSS7.5AI score0.00225EPSS

CVE•added 2023/06/27 6:15 p.m.•40 views

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”. When checking the validity o...

7.5CVSS6AI score0.0026EPSS