
CVE-2023-4612: MFA bypass in Apereo CAS

Vendor: Apereo Foundation
Product: CAS
Weakness: CWE-302
Published: November 9, 2023
Last update: February 26, 2025


What the vulnerability does

01 Description

An Improper Authentication vulnerability in Apereo CAS in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows a Multi-Factor Authentication bypass. This issue affects CAS through 7.0.0-RC7. It is unknown whether the issue will be fixed in newer versions. As of the date of publication there is no patch, and the vendor does not treat it as a vulnerability.

Key dates

02 Disclosure timeline

November 9, 2023: CVE published
February 26, 2025: Record updated