Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
AV:N/AC:L/Au:N/C:P/I:P/A:PApereo Central Authentication Service
APPApereo≤ 3.5.2
Related vulnerabilities
SSRF w Apereo Central Authentication Service — brak walidacji parametru
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr m...
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles ...
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStrin...
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the functio...