SSL Certificate Spoofing Vulnerability in phpCAS by Jasig
CVE-2012-5583
Currently unrated
What is CVE-2012-5583?
phpCAS versions before 1.3.2 do not verify that the server hostname matches a domain name in the Common Name (CN) or subjectAltName field of the X.509 certificate. Because of this missing check, a man-in-the-middle attacker can impersonate an SSL server by presenting any valid certificate, and the client accepts the connection as secure.
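The hostname check described above, as an added example (not phpCAS code): it compares the requested host against the certificate's subjectAltName DNS entries, falling back to the CN only when there are none. The function names are hypothetical, the certificate array is constructed in the shape that openssl_x509_parse() returns, and the example assumes DNS names only, with chain validation done separately.

```php
<?php
// Certificate arrays use the shape returned by openssl_x509_parse(); data below is constructed.
function certDnsNames(array $cert): array
{
    $names = [];
    foreach (explode(',', $cert['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = strtolower(substr($entry, 4));
        }
    }
    // Fall back to the Common Name only when no subjectAltName DNS entry exists.
    if ($names === [] && isset($cert['subject']['CN'])) {
        $names = array_map('strtolower', (array) $cert['subject']['CN']);
    }
    return $names;
}

// Exact match, or a "*." pattern standing for exactly one leftmost label.
function nameMatches(string $host, string $pattern): bool
{
    $host = strtolower(rtrim($host, '.'));
    if (strncmp($pattern, '*.', 2) !== 0) {
        return $pattern === $host;
    }
    $dot = strpos($host, '.');
    // Compare everything after the host's first label with the pattern's suffix.
    return $dot !== false && $dot > 0 && substr($host, $dot) === substr($pattern, 1);
}

function hostnameMatchesCertificate(string $host, array $cert): bool
{
    foreach (certDnsNames($cert) as $name) {
        if (nameMatches($host, $name)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: a certificate issued for a different site than the CAS server.
$cert = [
    'subject'    => ['CN' => 'cas.example.org'],
    'extensions' => ['subjectAltName' => 'DNS:www.example.net, DNS:*.example.net'],
];
foreach (['cas.example.org', 'login.example.net', 'a.b.example.net'] as $host) {
    printf("%s: %s\n", $host, hostnameMatchesCertificate($host, $cert) ? 'accept' : 'reject');
}
```

A client that validates only the certificate chain and skips this comparison accepts the sample certificate for every one of the three hosts.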
