6.8
CVSSv2

CVE-2017-1000071

Published: 17/07/2017 Updated: 21/11/2024

Vulnerability Summary

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apereo phpcas 1.3.4

Vendor Advisories

Debian Bug report logs - #868466 php-cas: CVE-2017-1000071 Package: src:php-cas; Maintainer for src:php-cas is Xavier Guimard <yadd@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 15 Jul 2017 19:09:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version php-cas/ ...