oss-sec mailing list archives
2 vulnerabilties in phpCAS
From: Joachim Fritschi <fritschi () hrz tu-darmstadt de>
Date: Tue, 03 Aug 2010 11:09:22 +0200
Hi all,the phpCAS library [1] contains 2 security vulnerabilties that have been fixed in the new phpCAS release [2]. Redhat already provided CVE numbers, thanks.
A: CVE-2010-2795 (PHPCAS-61) [3] is a serious issue. It allows you to hijack any authenticated user session if get access to a users service ticket in any way. The submitted service ticket was used to rename the http session before actually validating the ticket. If you intercept or guess a service ticket you can hijack a user session without proper ticket validation.
B: CVE-2010-2796 (PHPCAS-67) [4] is a minor issue. phpCAS is not sanatizing a submitted value. Might be usable for XSS in cas proxy mode.
The phpCAS library is included in multiple other projects: glpi,moodle,tikiwiki,claroline etc. that might be vulnerable as well Regards, Joachim Fritschi [1] https://wiki.jasig.org/display/CASC/phpCAS [2] http://downloads.jasig.org/cas-clients/php/1.1.2/ [3] https://issues.jasig.org/browse/PHPCAS-61 [4] https://issues.jasig.org/browse/PHPCAS-67
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- 2 vulnerabilties in phpCAS Joachim Fritschi (Aug 03)