PT-2020-16649 · Apereo · Apereo Cas

Published

2020-10-16

Updated

2021-08-02

CVE-2020-27178

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apereo CAS versions 5.3.x through 5.3.15 Apereo CAS versions 6.x through 6.1.7.1 Apereo CAS versions 6.2.x through 6.2.3 Apereo CAS versions 6.3.x through 6.3.0-RC3

Description The issue concerns the mishandling of secret keys with Google Authenticator for multifactor authentication.

Recommendations For Apereo CAS versions 5.3.x through 5.3.15, update to version 5.3.16 or later. For Apereo CAS versions 6.x through 6.1.7.1, update to version 6.1.7.2 or later. For Apereo CAS versions 6.2.x through 6.2.3, update to version 6.2.4 or later. For Apereo CAS versions 6.3.x through 6.3.0-RC3, update to version 6.3.0-RC4 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-27178

GHSA-Q39C-5VH5-VW2P

Affected Products

Apereo Cas

PT-2020-16649 · Apereo · Apereo Cas

CVE-2020-27178

Weakness Enumeration

Related Identifiers

Affected Products

References · 4