Security announcements

MSA-10-0002: XSS vulnerabilty in the phpcas module

 
Picture of Petr Skoda
MSA-10-0002: XSS vulnerabilty in the phpcas module
 
Topic: XSS vulnerabilty in the phpcas module
Severity/Risk: Major (if using CAS)
Versions affected: <1.8.12 and <1.9.8
Reported by: Joachim Fritschi
Issue no.: MDL-21802
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: use CAS/Client.php from latest release


Description:
We have backported a fix for a security problem fixed in recent version of PHP CAS client library - http://www.ja-sig.org/issues/browse/PHPCAS-52. The problem can be exploited only if CAS authentication is enabled and used on your site.