Topic: | XSS vulnerability in the phpcas module |
Severity/Risk: | Major (if using CAS) |
Versions affected: | <1.8.12 and <1.9.8 |
Reported by: | Joachim Fritschi |
Issue no.: | MDL-21802 |
Solution: | upgrade to 1.8.12 or 1.9.8 |
Workaround: | use CAS/Client.php from latest release |
Description:
We have backported a fix for a security problem that was fixed in a recent version of the PHP CAS client library (http://www.ja-sig.org/issues/browse/PHPCAS-52). The problem can be exploited only if CAS authentication is enabled and used on your site.