RSS   Podatności dla 'Central authentication service'   RSS

2021-12-07
 
CVE-2021-42567

CWE-79
 

 
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.

 
2019-09-23
 
CVE-2019-10754

CWE-338
 

 
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.

 
2015-02-10
 
CVE-2015-1169

CWE-74
 

 
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.

 

 >>> Vendor: Apereo 4 Produkty
Phpcas
Central authentication service
Opencast
Bw-calendar-engine


Copyright 2024, cxsecurity.com

 

Back to Top