PT-2024-16826 · Apereo · Apereo Cas

Author: Arthur Souza · Published: 2024-11-14 · Updated: 2024-11-19 · CVE-2024-11209

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apereo CAS version 6.6

Description: A critical issue affects the 2FA component of Apereo CAS, specifically an unspecified part of the /login?service endpoint. It leads to improper authentication and can be triggered remotely by an unauthenticated attacker. The exploit has been disclosed publicly; the vendor was contacted but did not respond.

Recommendations: For Apereo CAS version 6.6, update to the latest patched release to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the /login?service endpoint of the 2FA component until a patch is available.

References: Exploit, Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2024-11209

Affected Products: Apereo Cas