The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Jasig CAS Server

vulnerability CVE-2015-1169

Jasig CAS Server: bypassing LDAP authentication via Wildcard

Synthesis of the vulnerability

An attacker can use the wildcard character on Jasig CAS Server, in order to ease a brute force attack on the LDAP directory.
Impacted products: CAS Server.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 21/01/2015.
Identifiers: CVE-2015-1169, VIGILANCE-VUL-16020.

Description of the vulnerability

The Jasig CAS Server product uses an LDAP directory to store user logins and passwords. The login submitted to CAS is placed in an LDAP search filter in order to locate the account, and in a search filter the character "*" is a wildcard.

However, if the user "laurent" exists, an attacker need only submit "la*" together with that user's valid password to be authenticated as that account.

An attacker can therefore use the wildcard character on Jasig CAS Server, in order to ease a brute force attack on the LDAP directory: the attacker no longer needs to know the exact login, only a pattern that matches it.
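The following is an added example, not code from the CAS project, that reproduces the search-then-bind flow in Python against a constructed in-memory directory (the entries, the login "laurent" and the passwords are made up for the demo). It shows the filter as the vulnerable handler builds it beside the escaped form, and a toy filter evaluator so the effect of "la*" is visible without an LDAP server. The escaping function implements RFC 4515 section 3 by hand so that no third-party package is needed.

```python
import re

# Constructed sample directory standing in for the LDAP server CAS authenticates
# against (dn -> attributes). Plaintext passwords are for the demo only.
DIRECTORY = {
    "uid=laurent,ou=people,dc=example,dc=org": {"uid": "laurent", "userPassword": "S3cret!"},
    "uid=bob,ou=people,dc=example,dc=org": {"uid": "bob", "userPassword": "hunter2"},
    "uid=alice,ou=people,dc=example,dc=org": {"uid": "alice", "userPassword": "correct horse"},
}


def escape_filter_value(value):
    """Escape an assertion value as RFC 4515 section 3 requires: '*', '(', ')',
    '\\' and NUL become a backslash followed by two hex digits, so a user-supplied
    '*' is matched literally instead of acting as a wildcard."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def vulnerable_filter(username):
    """Filter built the way the vulnerable handler does: raw substitution."""
    return "(uid=%s)" % username


def safe_filter(username):
    """Filter built with the value escaped: the fix is this one call."""
    return "(uid=%s)" % escape_filter_value(username)


_SIMPLE_FILTER = re.compile(r"\((\w+)=(.*)\)")


def _assertion_to_regex(raw):
    """Translate a filter assertion value into a regex the way a server matches it:
    an unescaped '*' is a substring wildcard, '\\XX' is the literal character XX."""
    parts = []
    i = 0
    while i < len(raw):
        if raw[i] == "*":
            parts.append(".*")
            i += 1
        elif raw[i] == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", raw[i + 1:i + 3]):
            parts.append(re.escape(chr(int(raw[i + 1:i + 3], 16))))
            i += 3
        else:
            parts.append(re.escape(raw[i]))
            i += 1
    return "".join(parts)


def ldap_search(ldap_filter):
    """Toy LDAP search over DIRECTORY for a single (attr=value) assertion;
    values are matched case-insensitively like uid's caseIgnoreMatch rule."""
    m = _SIMPLE_FILTER.fullmatch(ldap_filter)
    if not m:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attr, raw = m.group(1), m.group(2)
    pattern = re.compile(_assertion_to_regex(raw), re.IGNORECASE)
    return [dn for dn, attrs in DIRECTORY.items() if pattern.fullmatch(attrs.get(attr, ""))]


def authenticate(username, password, build_filter):
    """Search-then-bind, the flow of an LDAP authentication handler: resolve the
    submitted login to exactly one DN, then bind as that DN with the password.
    Returns the authenticated DN, or None."""
    matches = ldap_search(build_filter(username))
    if len(matches) != 1:  # no entry or an ambiguous match: refuse
        return None
    dn = matches[0]
    if DIRECTORY[dn]["userPassword"] != password:  # stands in for the LDAP bind
        return None
    return dn


if __name__ == "__main__":
    # The attacker knows laurent's password but types only a prefix and a wildcard.
    print(authenticate("la*", "S3cret!", vulnerable_filter))  # laurent's DN: bypass
    print(authenticate("la*", "S3cret!", safe_filter))        # None: '*' is now literal
    print(authenticate("laurent", "S3cret!", safe_filter))    # laurent's DN: normal login
```

A filter of "(uid=*)" alone matches every entry and is refused as ambiguous, which is why prefixes such as "la*" are what make the guessing cheaper: each attempt narrows the login instead of requiring it. The check a practitioner wants is that every value interpolated into a filter passes through the escaping function, which ldap3 ships as ldap3.utils.conv.escape_filter_chars.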

vulnerability announcement 14512

Jasig CAS Server: bypassing authentication via Google Accounts Integration

Synthesis of the vulnerability

An attacker can transmit malicious XML data to Jasig CAS Server with Google Accounts Integration, in order to bypass the authentication.
Impacted products: CAS Server.
Severity: 4/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 02/04/2014.
Identifiers: VIGILANCE-VUL-14512.

Description of the vulnerability

The SAML (Security Assertion Markup Language) standard exchanges authentication data as XML documents. The Jasig CAS Server product supports SAML 2.0 for its Google Accounts Integration.

An XML document can contain a DOCTYPE declaration, which may define entities, including external entities that reference local files or URLs (the basis of XML External Entity attacks). However, the java/org/jasig/cas/util/SamlUtils.java file of Jasig CAS Server does not set the parser feature "http://apache.org/xml/features/disallow-doctype-decl", so such declarations are accepted when the incoming SAML message is parsed.

Technical details about the attack procedure are unknown.

An attacker can therefore transmit malicious XML data to Jasig CAS Server with Google Accounts Integration, in order to bypass the authentication.
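To make the missing setting concrete, here is an added example that is not code from the CAS project: it uses Python's standard-library expat parser rather than the Java XML parser SamlUtils.java relies on, and the two SAML responses, the identity laurent@example.org and the entity name "victim" are constructed for the demo. It parses the subject NameID from a SAML response with a parser that accepts DOCTYPE declarations and with one that refuses them, the expat counterpart of the disallow-doctype-decl feature named above. The bulletin's actual attack procedure is unknown; the example only shows how a DOCTYPE supplied by the sender changes what the application reads out of the document.

```python
import xml.parsers.expat as expat

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: the subject of a SAML response as an identity provider would send it.
BENIGN_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>laurent@example.org</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>
"""

# Constructed attacker document: a DOCTYPE internal subset declares an entity and the
# NameID is nothing but a reference to it. A SYSTEM entity in the same place is the
# classic file-disclosing XXE; an internal one is enough to show the parser obeying the DTD.
DOCTYPE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE samlp:Response [
  <!ENTITY victim "admin@example.org">
]>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>&victim;</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>
"""


class DoctypeForbidden(ValueError):
    """Raised when a DOCTYPE is met and the parser was told to refuse DTDs."""


def extract_name_id(xml_bytes, forbid_doctype=True):
    """Pull the subject NameID out of a SAML response with expat.
    forbid_doctype=False reproduces a parser that accepts DTDs; True is the
    hardened form, rejecting the document before any entity is declared."""
    parser = expat.ParserCreate(namespace_separator=" ")  # names become "uri local"
    state = {"in_name_id": False, "chunks": [], "name_id": None}

    def start_element(name, attrs):
        if name == SAML + " NameID":
            state["in_name_id"] = True
            state["chunks"] = []

    def end_element(name):
        if name == SAML + " NameID":
            state["in_name_id"] = False
            state["name_id"] = "".join(state["chunks"]).strip()

    def character_data(data):
        # Entity replacement text arrives here too, so a DTD decides what we read.
        if state["in_name_id"]:
            state["chunks"].append(data)

    def start_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise DoctypeForbidden("DOCTYPE %r not allowed in a SAML message" % doctype_name)

    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = character_data
    if forbid_doctype:
        parser.StartDoctypeDeclHandler = start_doctype
    parser.Parse(xml_bytes, True)
    return state["name_id"]


def name_id_or_none(xml_bytes):
    """Hardened entry point: the asserted identity, or None when the document is rejected."""
    try:
        return extract_name_id(xml_bytes, forbid_doctype=True)
    except DoctypeForbidden:
        return None


if __name__ == "__main__":
    print(extract_name_id(BENIGN_RESPONSE))                         # laurent@example.org
    print(extract_name_id(DOCTYPE_RESPONSE, forbid_doctype=False))  # admin@example.org
    print(name_id_or_none(DOCTYPE_RESPONSE))                        # None: DOCTYPE refused
```

In Java the same effect is obtained by calling setFeature("http://apache.org/xml/features/disallow-doctype-decl", true) on the DocumentBuilderFactory or SAXParserFactory before parsing, which is the setting the bulletin reports as missing. Refusing the DOCTYPE outright is preferable to disabling individual entity kinds, because SAML messages from a legitimate identity provider never need one.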