SSL Certificate Spoofing Vulnerability in phpCAS by Jasig
CVE-2012-5583

Currently unrated

Key Information:

Vendor: Apereo

CVE Published: 6 June 2014

What is CVE-2012-5583?

phpCAS versions before 1.3.2 fail to verify that the server hostname aligns with the domain name found in the Common Name (CN) or subjectAltName field of the X.509 certificate. This oversight exposes systems to man-in-the-middle attacks, enabling adversaries to impersonate SSL servers using any valid certificate, thus compromising secure connections.
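The missing check, as an added Python sketch (not phpCAS code and not from the original advisory): it matches the hostname the client intended to reach against the certificate's subjectAltName DNS entries, falling back to the CN only when no such entries exist. The hostnames, certificates and the `accept` helper are constructed for illustration, and chain validation is assumed to have already succeeded for every certificate shown.

```python
# Added example. Certificate dicts follow the ssl.SSLSocket.getpeercert() layout.
# All hostnames and certificates below are constructed sample data.

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with a hostname, case-insensitively.
    '*' is honoured only as the whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) >= 3:
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_names(cert: dict) -> list:
    """DNS subjectAltName entries if any exist, otherwise the subject CN(s)."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for key, v in rdn if key == "commonName"]

def hostname_matches(cert: dict, hostname: str) -> bool:
    return any(name_matches(n, hostname) for n in cert_names(cert))

def accept(cert: dict, hostname: str, verify_hostname: bool = True) -> bool:
    """Hypothetical client decision. The chain is assumed already trusted, so
    with verify_hostname=False any valid certificate is accepted (the flaw)."""
    return (not verify_hostname) or hostname_matches(cert, hostname)

CAS_HOST = "cas.example.org"  # constructed: the server the client means to reach
GENUINE = {"subject": ((("commonName", "cas.example.org"),),),
           "subjectAltName": (("DNS", "cas.example.org"),)}
# Valid, CA-issued certificate for a different site, presented by an interceptor.
UNRELATED = {"subject": ((("commonName", "www.unrelated.example"),),),
             "subjectAltName": (("DNS", "www.unrelated.example"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.example.org"),)}
CN_ONLY = {"subject": ((("commonName", "cas.example.org"),),)}
# SAN present: the CN must be ignored even though it names the CAS host.
SAN_WINS = {"subject": ((("commonName", "cas.example.org"),),),
            "subjectAltName": (("DNS", "www.unrelated.example"),)}

if __name__ == "__main__":
    for label, cert in [("genuine", GENUINE), ("unrelated", UNRELATED)]:
        print(label, "no hostname check:", accept(cert, CAS_HOST, False),
              "| with hostname check:", accept(cert, CAS_HOST))
```

In production code, rely on the TLS library's built-in hostname verification rather than a hand-written matcher; the sketch only makes visible what that verification decides.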
