MFA bypass in Apereo CAS
CVE-2023-4612
9.8 CRITICAL
What is CVE-2023-4612?
An improper authentication vulnerability in Apereo CAS allows an unauthorized bypass of multi-factor authentication (MFA). The issue is specifically linked to the method jakarta.servlet.http.HttpServletRequest.getRemoteAddr, which can be exploited to bypass security measures. At the time of writing, the vulnerability affects all versions of CAS through 7.0.0-RC7, and the vendor has published no official patch or remediation; future releases may or may not address the issue.
Affected Version(s)
CAS <= 7.0.0-RC7 (all versions from 0 through 7.0.0-RC7)
