Maksym

**Name of the Vulnerable Software and Affected Versions** Apereo CAS versions through 7.0.0-RC7 **Description** The issue is related to an Improper Authentication vulnerability in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method, which allows Multi-Factor Authentication bypass. There is no patch available for this issue, and the vendor does not consider it a vulnerability. **Recommendations** For Apereo CAS versions through 7.0.0-RC7, as a temporary workaround, consider restricting access to the `jakarta.servlet.http.HttpServletRequest.getRemoteAddr` method until a patch is available or the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.