Vulmon
apereo central authentication service vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-4612
Improper Authentication vulnerability in Apereo CAS in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: up to and including 7.0.0-RC7. It is unknown whether the issue will be fixed in new versions. For ...
Apereo Central Authentication Service 7.0.0
Apereo Central Authentication Service
8.1
CVSSv3
CVE-2019-10754
Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of Apache commons-lang3 RandomStringUtils for token and ID generation, which makes those tokens and IDs predictable because the PRNG behind RandomStringUtils is not cryptographically strong.
Apereo Central Authentication Service
Apereo Central Authentication Service 6.1.0
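Why a token drawn from commons-lang3 RandomStringUtils is predictable: its default instance is backed by java.util.Random, a 48-bit linear congruential generator whose whole state is exposed by two consecutive 32-bit outputs. The Python below is an added illustration, not CAS or commons-lang3 code: it re-implements the java.util.Random recurrence (multiplier 0x5DEECE66D, addend 0xB, 48-bit mask), recovers the hidden 16 state bits by brute force from two observed outputs, predicts the third, and contrasts that with a token from the OS CSPRNG. The seed value and the assumption that an attacker observes two raw 32-bit outputs (rather than the bounded draws RandomStringUtils makes, which leak fewer bits per character but come from the same generator) are constructed for the demonstration.

```python
import secrets

# Constants of java.util.Random's 48-bit linear congruential generator,
# the PRNG behind commons-lang3 RandomStringUtils' default instance.
MULT = 0x5DEECE66D
ADD = 0xB
MASK = (1 << 48) - 1


class JavaRandom:
    """Minimal re-implementation of java.util.Random (illustration only)."""

    def __init__(self, seed: int):
        self.state = (seed ^ MULT) & MASK  # Java's initial seed scramble

    def next_bits(self, bits: int) -> int:
        # Advance the LCG and return the top `bits` bits of the new state
        # (kept unsigned here; Java's nextInt() reinterprets 32 of them as signed).
        self.state = (self.state * MULT + ADD) & MASK
        return self.state >> (48 - bits)


def recover_states(out1: int, out2: int) -> list:
    """Given two consecutive 32-bit outputs, brute-force the 16 state bits the
    outputs do not reveal; return every candidate state after out2 was produced."""
    candidates = []
    for low in range(1 << 16):
        state = (out1 << 16) | low          # full 48-bit state right after out1
        nxt = (state * MULT + ADD) & MASK   # step the generator once
        if nxt >> 16 == out2:               # candidate reproduces out2?
            candidates.append(nxt)
    return candidates


def predict_next(state: int) -> int:
    """Next 32-bit output from a known 48-bit state."""
    return ((state * MULT + ADD) & MASK) >> 16


def secure_token(nbytes: int = 32) -> str:
    """What a ticket or ID generator should use instead: the OS CSPRNG."""
    return secrets.token_urlsafe(nbytes)


def demo(seed: int = 0xC0FFEE) -> bool:
    """Victim draws three values; attacker sees the first two and predicts the third."""
    rng = JavaRandom(seed)                          # constructed seed, arbitrary
    seen = [rng.next_bits(32), rng.next_bits(32)]   # observed by the attacker
    actual_next = rng.next_bits(32)                 # the value to predict
    predictions = {predict_next(s) for s in recover_states(*seen)}
    return actual_next in predictions


if __name__ == "__main__":
    print("third output predicted from two observed outputs:", demo())
    print("CSPRNG token:", secure_token())
```

The search costs at most 65,536 multiplications, so recovery is instantaneous; anything derived from java.util.Random after two leaked outputs (session IDs, ticket suffixes, reset tokens) is known to the attacker. A CSPRNG such as java.security.SecureRandom, or Python's secrets module as used here, has no such shortcut.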
7.5
CVSSv3
CVE-2020-27178
Apereo CAS 5.3.x prior to 5.3.16, 6.x prior to 6.1.7.2, 6.2.x prior to 6.2.4, and 6.3.x prior to 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.
Apereo Central Authentication Service 6.3.0
Apereo Central Authentication Service
7.5
CVSSv3
CVE-2023-28857
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”...
Apereo Central Authentication Service
6.1
CVSSv3
CVE-2021-42567
Apereo CAS up to and including 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
Apereo Central Authentication Service
NA (no CVSS score listed)
CVE-2015-1169
Apereo Central Authentication Service (CAS) Server prior to 3.5.3 allows remote malicious users to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
Apereo Central Authentication Service
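The flaw class behind CVE-2015-1169 is a username pasted unescaped into an LDAP search filter, so a wildcard such as `*` matches every entry and the search-then-bind step authenticates the attacker as whichever account the supplied password belongs to. The Python below is an added model of that pattern, not CAS code: a tiny in-memory stand-in for a directory server that understands `(attr=value)` filters with `*` wildcards and `\xx` hex escapes, the vulnerable authenticator beside a hardened one that escapes the value per RFC 4515 section 3 and requires exactly one hit before binding. The `DIRECTORY` entries and passwords are constructed sample data.

```python
import re

# Constructed sample directory (not real data): what a search-then-bind
# authenticator sees when it queries the user base.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=org", "uid": "alice", "userPassword": "alice-pw"},
    {"dn": "uid=bob,ou=people,dc=example,dc=org", "uid": "bob", "userPassword": "bob-pw"},
]

_HEX2 = re.compile(r"[0-9a-fA-F]{2}")


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515 s.3):
    '*', '(', ')', '\\' and NUL become \\2a, \\28, \\29, \\5c and \\00."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def _assertion_to_regex(assertion: str):
    """Model how a server reads an assertion value: an unescaped '*' is a
    wildcard, a '\\xx' hex escape stands for that literal character."""
    pieces, literal, i = [], "", 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "\\" and _HEX2.fullmatch(assertion[i + 1:i + 3]):
            literal += chr(int(assertion[i + 1:i + 3], 16))
            i += 3
        elif ch == "*":
            pieces.append(re.escape(literal))
            literal = ""
            i += 1
        else:
            literal += ch
            i += 1
    pieces.append(re.escape(literal))
    return re.compile(".*".join(pieces), re.DOTALL)


_FILTER = re.compile(r"\((\w+)=(.*)\)", re.DOTALL)


def ldap_search(directory, filter_str: str) -> list:
    """Tiny stand-in for a directory server: supports (attr=value) filters only."""
    m = _FILTER.fullmatch(filter_str)
    if m is None:
        raise ValueError("unsupported filter: %r" % filter_str)
    attr, pattern = m.group(1), _assertion_to_regex(m.group(2))
    return [e for e in directory if attr in e and pattern.fullmatch(e[attr])]


def _bind(entry, password: str) -> bool:
    """Stand-in for a simple bind against the entry's DN."""
    return entry["userPassword"] == password


def authenticate_vulnerable(directory, username: str, password: str):
    """Pattern behind CVE-2015-1169: username placed in the filter verbatim,
    first search hit taken as the principal."""
    hits = ldap_search(directory, "(uid=%s)" % username)
    if hits and _bind(hits[0], password):
        return hits[0]["dn"]
    return None


def authenticate_hardened(directory, username: str, password: str):
    """Escape the value and insist on exactly one hit before binding."""
    hits = ldap_search(directory, "(uid=%s)" % escape_filter_value(username))
    if len(hits) == 1 and _bind(hits[0], password):
        return hits[0]["dn"]
    return None


if __name__ == "__main__":
    print("vulnerable, username '*' + alice's password ->",
          authenticate_vulnerable(DIRECTORY, "*", "alice-pw"))
    print("hardened,   username '*' + alice's password ->",
          authenticate_hardened(DIRECTORY, "*", "alice-pw"))
```

Note that the escaping alone is what closes the injection; the single-hit check is defence in depth against a directory that legitimately holds duplicate uid values. Real LDAP client libraries ship an equivalent escaper (for example the `Filter` helpers in UnboundID or ldap3's `escape_filter_chars`), which should be preferred over a hand-written one in production.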
5.5
CVSSv3
CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
Apereo Phpcas 1.2.2
Fedoraproject Fedora 16
Fedoraproject Fedora 15
Debian Debian Linux 8.0
8
CVSSv3
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows a malicious user to control th...
Apereo Phpcas
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37