Topic: | Multiple phpCAS library vulnerabilities |
Severity: | Major |
Versions affected: | < 1.9.10 and < 1.8.14 |
Reported by: | Multiple reporters http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2795 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3692 |
Issue no.: | MDL-24789 |
Solution: | Upgrade to latest release or if you do not use CAS authentication delete the /auth/cas/* directory |
Description:
The CAS authentication plugin is using the phpCAS library internally. The latest version contains fixes for multiple security problems.