
Vulnerability in Apereo CAS software
03 November 2023 | CERT Polska | #vulnerability, #warning, #cve
CVE ID: CVE-2023-4612
Publication date: 03 November 2023
Vendor: Apereo Foundation
Product: CAS
Vulnerable versions: All through 7.0.0-RC7
Vulnerability type (CWE): Improper Authentication (CWE-287)
Report source: Report to CERT Polska


CERT Polska has received a report about a vulnerability in Apereo CAS software and participated in its coordination. The vulnerability allows a Multi-Factor Authentication bypass by spoofing a device previously saved as trusted. The weakness has been assigned the number CVE-2023-4612. This issue affects all versions through 7.0.0-RC7. It is unknown whether the issue will be fixed in newer versions. As of the date of publication there is no patch, and the vendor treats it not as a vulnerability but as a matter of documentation.


We thank Maksym Brzęczek from for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at