Apereo CAS 2FA Improper Authentication Vulnerability
CVE-2024-11209 Published on November 14, 2024
Apereo CAS 2FA login improper authentication
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is an Authentication Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2024-11209 has been classified as an authentication vulnerability or weakness.
Products Associated with CVE-2024-11209
Affected Versions
Apereo CAS:
- Version 6.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.