CVE-2020-27178

Published: Oct 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

Affected (6)

Products: Apereo: Central Authentication Service

Apereo

1 product

Central Authentication Service

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Apereo Central Authentication Service	From 5.3.0 to 5.3.16
Apereo Central Authentication Service	From 6.0.0 to 6.1.7.2
Apereo Central Authentication Service	From 6.2.0 to 6.2.4
Apereo Central Authentication Service	Version 6.3.0 rc1
Apereo Central Authentication Service	Version 6.3.0 rc2
Apereo Central Authentication Service	Version 6.3.0 rc3

References (2)

https://apereo.github.io/2020/10/14/gauthvuln/

Source: cve@mitre.org

Vendor Advisory

https://apereo.github.io/2020/10/14/gauthvuln/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.