3 matches found
phpCAS vulnerable to Service Hostname Discovery Exploitation
Impact The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm CAS server to authenticate to the service protected by phpCAS...
phpCAS vulnerable to Service Hostname Discovery Exploitation
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
CVE-2022-39369 Service Hostname Discovery Exploitation in phpCAS
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...