CVE-2020-27178

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-27178

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27178.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-27178

Aliases

GHSA-q39c-5vh5-vw2p

Published

2020-10-16T16:15:11.573Z

Modified

2025-12-02T23:30:22.553771Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

References

https://apereo.github.io/2020/10/14/gauthvuln/

Affected packages

Git / github.com/apereo/cas

Affected ranges

Type: GIT
Repo: https://github.com/apereo/cas
Events: Introduced

f0987d714be32ac64ba9e7b5155733936757cf41

Fixed

3f56dfecbec53cd007e36631971dafd037a5a068

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27178.json"

Git / github.com/jasig/cas

Affected ranges

Type: GIT
Repo: https://github.com/jasig/cas
Events: Introduced

78f69385c15757a7a75f4c514d00c421db3fd216

Fixed

4b89fab15ff580fc3481f4cbf3bb917bb9fe05c4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27178.json"