CVE-2017-1000071

CVE-2017-1000071

EPSS 3.5%

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog https://github.com/Jasig/phpCAS/issues/228 http://www.securityfocus.com/bid/99609