Multifactor Authentication Flaw in Apereo CAS by Apereo
CVE-2020-27178

7.5 HIGH

Key Information:

Vendor: Apereo
CVE Published: 16 October 2020

What is CVE-2020-27178?

The Apereo CAS software contains a vulnerability related to the mishandling of secret keys used in conjunction with Google Authenticator for multifactor authentication. This flaw impacts multiple versions of Apereo CAS, potentially allowing unauthorized access due to compromised authentication mechanisms.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
