Report an incident
Back
  • About us
  • News
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerability in Apereo CAS software
03 November 2023 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2023-4612
Publication date 03 November 2023
Vendor Apereo Foundation
Product CAS
Vulnerable versions All through 7.0.0-RC7
Vulnerability type (CWE) Authentication Bypass by Assumed-Immutable Data (CWE-302)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in Apereo CAS software and participated in its coordination. The vulnerability allows Multi-Factor Authentication bypass via spoofing a device previously saved as trusted. The weakness has been assigned the number CVE-2023-4612. This issue affects all versions through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability, but as a matter of documentation.

Credits

We thank Maksym Brzęczek from efigo.pl for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.