Authentication Bypass Vulnerability in Jasig phpCAS Authentications
CVE-2017-1000071

8.1HIGH

Key Information:

Vendor

Apereo

Status
Vendor
CVE Published:
17 July 2017

What is CVE-2017-1000071?

The phpCAS library version 1.3.4, developed by Jasig, is susceptible to an authentication bypass issue in its validateCAS20 function. This vulnerability arises when the library is set up to authenticate against outdated CAS servers. Due to inadequate verification processes, unauthorized users may gain access to systems that rely on this authentication method, potentially compromising sensitive data and functionality. It is critical for users running this version to assess their configurations and consider upgrading to a more secure version to mitigate risks.

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.