CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-4612 – MFA bypass in Apereo CAS
https://notcve.org/view.php?id=CVE-2023-4612
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability. Vulnerabilidad de autenticación incorrecta en Apereo CAS en jakarta.servlet.http.HttpServletRequest.getRemoteAddr permite omitir la autenticación multifactor. Este problema afecta a CAS: hasta 7.0.0-RC7. • https://cert.pl/en/posts/2023/11/CVE-2023-4612 https://cert.pl/posts/2023/11/CVE-2023-4612 • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •