Fwd: Security vulnerability on MFA

leleuj

Aug 28, 2018, 8:32:55 AM
to CAS Community


On Tuesday, August 28, 2018 at 10:39:43 AM UTC+2, leleuj wrote:
Hi,

The MFA features of the Apereo CAS server have a critical security vulnerability that allows one to bypass follow-up authentication factors.

If your CAS deployment uses an MFA integration other than one with Duo Security, you MUST upgrade the version of your CAS server to the latest appropriate release:

- using the 5.3.x stream, upgrade to the version 5.3.3
- using the 5.2.x stream, upgrade to the version 5.2.7
- using older versions, upgrade to the version 5.2.7.

We will provide more details after a grace period of two weeks. For more information on the security policy, please see: https://apereo.github.io/cas/development/planning/Security-Guide.html

Thanks.
Best regards,
Jérôme
