First published: Thu Nov 09 2023(Updated: )
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
Credit: cvd@cert.pl
Affected Software | Affected Version | How to fix |
---|---|---|
<7.0.0 | ||
=7.0.0-rc1 | ||
=7.0.0-rc2 | ||
=7.0.0-rc3 | ||
=7.0.0-rc4 | ||
=7.0.0-rc5 | ||
=7.0.0-rc6 | ||
=7.0.0-rc7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this MFA bypass vulnerability in Apereo CAS is CVE-2023-4612.
The severity of CVE-2023-4612 is critical with a CVSS score of 9.8.
Apereo CAS versions up to and including 7.0.0-RC7 are affected by CVE-2023-4612.
This vulnerability in Apereo CAS allows MFA bypass by exploiting an improper authentication issue in the 'jakarta.servlet.http.HttpServletRequest.getRemoteAddr' method.
At the time of publication, it is unknown whether new versions of Apereo CAS address the vulnerability.