Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apereo CAS 2FA login improper authentication
Vulnerability Description
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
Apereo CAS 授权问题漏洞
Vulnerability Description
Apereo CAS是Apereo开源的一套基于Web的企业多语言单点登录解决方案。 Apereo CAS 6.6版本存在授权问题漏洞,该漏洞源于2FA组件中的/login?service页面包含一个身份验证不当问题。
CVSS Information
N/A
Vulnerability Type
N/A