An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Opencast | Apereo | 4.0 (including) | 10.6 (excluding) |