Improper Authentication Vulnerability in Apereo CAS Allows Multi-Factor Authentication Bypass

CVE-2023-4612 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An Improper Authentication vulnerability in Apereo CAS, in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method, allows Multi-Factor Authentication bypass. This issue affects CAS through 7.0.0-RC7. It is unknown whether the issue will be fixed in newer versions. As of the date of publication, no patch is available, and the vendor does not treat it as a vulnerability.