漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MFA bypass in Apereo CAS
Vulnerability Description
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
CVSS Information
N/A
Vulnerability Type
使用假设不可变数据进行的认证绕过
Vulnerability Title
Apereo CAS 授权问题漏洞
Vulnerability Description
Apereo CAS是一套基于Web的企业多语言单点登录解决方案。 Apereo CAS 7.0.0-RC7及之前版本存在安全漏洞,该漏洞源于jakarta.servlet.http.HttpServletRequest.getRemoteAddr 方法中允许绕过多重身份验证。
CVSS Information
N/A
Vulnerability Type
N/A