CVE-2020-27178

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-27178

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27178.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-27178

Aliases

GHSA-q39c-5vh5-vw2p

Published

2020-10-16T16:15:11Z

Modified

2024-10-12T06:27:11.264350Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

References

https://apereo.github.io/2020/10/14/gauthvuln/

Affected packages

Git / github.com/apereo/cas

Affected ranges

Type: GIT
Repo: https://github.com/apereo/cas
Events: Introduced

f0987d714be32ac64ba9e7b5155733936757cf41

Fixed

3f56dfecbec53cd007e36631971dafd037a5a068

Type: GIT
Repo: https://github.com/jasig/cas
Events: Introduced

461b3b0c421cee6ae6863b3e01f5bc34c748eae9

Fixed

60ba4cdd35a279ba8aae8922920099d314576500

Affected versions

v6.*

v6.2.0

v6.2.1

v6.2.2

v6.2.3