Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MFA bypass in Apereo CAS
Vulnerability Description
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
CVSS Information
N/A
Vulnerability Type
使用假设不可变数据进行的认证绕过
Vulnerability Title
Apereo CAS 授权问题漏洞
Vulnerability Description
Apereo CAS是一套基于Web的企业多语言单点登录解决方案。 Apereo CAS 7.0.0-RC7及之前版本存在安全漏洞,该漏洞源于jakarta.servlet.http.HttpServletRequest.getRemoteAddr 方法中允许绕过多重身份验证。
CVSS Information
N/A
Vulnerability Type
N/A