Vulnerabilities (CVE)

Filtered by vendor Apereo Subscribe
Filtered by product Central Authentication Service
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-11208 1 Apereo 1 Central Authentication Service 2024-11-19 2.6 LOW 8.1 HIGH
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-11209 1 Apereo 1 Central Authentication Service 2024-11-19 6.5 MEDIUM 9.8 CRITICAL
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4612 1 Apereo 1 Central Authentication Service 2024-10-10 N/A 9.8 CRITICAL
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
CVE-2023-28857 1 Apereo 1 Central Authentication Service 2024-02-04 N/A 7.5 HIGH
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”. When checking the validity of the provided client certificate, X509CredentialsAuthenticationHandler performs check that this certificate is not revoked. To do so, it fetches URLs provided in the “CRL Distribution Points” extension of the certificate, which are taken from the certificate itself and therefore can be controlled by a malicious user. If the CAS server is configured to use an LDAP server for x509 authentication with a password, for example by setting a “cas.authn.x509.ldap.ldap-url” and “cas.authn.x509.ldap.bind-credential” properties, X509CredentialsAuthenticationHandler fetches revocation URLs from the certificate, which can be LDAP urls. When making requests to this LDAP urls, Apereo CAS uses the same password as for initially configured LDAP server, which can lead to a password leak. An unauthenticated user can leak the password used to LDAP connection configured on server. This issue has been addressed in version 6.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2021-42567 1 Apereo 1 Central Authentication Service 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
CVE-2020-27178 1 Apereo 1 Central Authentication Service 2024-02-04 5.0 MEDIUM 7.5 HIGH
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.
CVE-2019-10754 1 Apereo 1 Central Authentication Service 2024-02-04 5.5 MEDIUM 8.1 HIGH
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
CVE-2015-1169 1 Apereo 1 Central Authentication Service 2024-02-04 7.5 HIGH N/A
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.