cas-server-support-otp-mfa is vulnerable to information disclosure. The vulnerability exists because the user's secret key is sent as a GET parameter in an `img` tag when Google Authenticator is used.

Name | Operator | Version |
---|---|---|
cas-server-support-otp-mfa | le | 5.3.15.1 |
cas-server-support-otp-mfa-core | le | 6.2.3 |
cas-server-support-otp-mfa-core | le | 6.1.7.1 |
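
One way to check a rendered enrollment page for the pattern described above is to flag every `img` tag whose `src` would carry the TOTP secret in a GET request. This is an added example, not code from CAS or from the advisory. The parameter names, the sample HTML and the `qr.example` host are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names for a TOTP seed; not taken from the CAS code base.
SECRET_PARAMS = {"secret", "key", "secretkey"}

def leaked_secret(url, depth=0):
    """Describe where url's query string exposes a TOTP secret, else None."""
    parts = urlsplit(url)
    if parts.scheme == "data":  # inline image: nothing is sent over the wire
        return None
    for name, value in parse_qsl(parts.query):
        if name.lower() in SECRET_PARAMS and value:
            return f"query parameter '{name}'"
        # A QR-rendering endpoint may be handed a whole otpauth:// URI.
        if depth == 0 and value.lower().startswith("otpauth://"):
            inner = leaked_secret(value, depth + 1)
            if inner:
                return f"otpauth URI in '{name}', {inner}"
    return None

class ImgSecretFinder(HTMLParser):
    """Collects <img> tags whose src would put the secret in a GET request."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        reason = leaked_secret(src) if tag == "img" else None
        if reason:
            # Report the URL without its query so the secret is not re-logged.
            redacted = urlsplit(src)._replace(query="", fragment="").geturl()
            self.findings.append((redacted, reason))

def scan(html):
    finder = ImgSecretFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page; the secret is the usual documentation test value.
SAMPLE_HTML = """
<img src="/qr?key=JBSWY3DPEHPK3PXP&amp;size=200" alt="QR">
<img src="https://qr.example/render?data=otpauth%3A%2F%2Ftotp%2FCAS%3Aalice%3Fsecret%3DJBSWY3DPEHPK3PXP">
<img src="data:image/png;base64,iVBORw0KGgo=" alt="QR">
<img src="/images/logo.png?v=3">
"""

if __name__ == "__main__":
    for url, reason in scan(SAMPLE_HTML):
        print(f"{url}: {reason}")
```

A secret placed in a request URL can end up in access logs, proxy logs and browser history, which is why the `data:` image in the sample is not flagged.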