PT-2017-10778 · Jasig · Jasig Phpcas
Published
2017-07-13
·
Updated
2019-10-03
·
CVE-2017-1000071
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Jasig phpCAS version 1.3.4
Description
The issue concerns an authentication bypass in the
validateCAS20 function. This occurs when Jasig phpCAS is configured to authenticate against an old CAS server.Recommendations
For Jasig phpCAS version 1.3.4, consider updating the configuration to use a newer CAS server or apply alternative authentication methods to mitigate the risk of authentication bypass. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jasig Phpcas