The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Jasig CAS Server: bypassing authentication via Google Accounts Integration
Synthesis of the vulnerability
An attacker can transmit malicious XML data to Jasig CAS Server with Google Accounts Integration, in order to bypass the authentication.
Impacted software: CAS Server.
Severity of this computer vulnerability: 4/4.
Consequences of an attack: privileged access/rights, user access/rights.
Attacker's origin: document.
Creation date: 02/04/2014.
Reference for this announcement: VIGILANCE-VUL-14512.
Description of the vulnerability
The SAML (Security Assertion Markup Language) standard carries authentication data in XML documents. The Jasig CAS Server product supports SAML 2.0 for its Google Accounts Integration, so it parses XML received from outside.
An XML document can carry a DOCTYPE declaration, which may in turn declare entities (including external ones) that the parser expands. The SAML parser in the java/org/jasig/cas/util/SamlUtils.java file of Jasig CAS Server does not reject such declarations: the parser feature "http://apache.org/xml/features/disallow-doctype-decl" is not enabled.
Technical details about the attack procedure are unknown.
An attacker can therefore transmit malicious XML data to Jasig CAS Server with Google Accounts Integration, in order to bypass the authentication.
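The bulletin above only names the missing parser feature, not the attack. The following added example (written for this page, not code from Jasig CAS or from Vigil@nce) shows the two JAXP configurations side by side: a default DocumentBuilderFactory, which accepts a DOCTYPE and expands the entities it declares, and a hardened one that sets "http://apache.org/xml/features/disallow-doctype-decl" and, as defence in depth, disables external entities and DTD loading. The sample document, the class name and the method names are constructed for the demonstration; the entity it declares is a harmless internal marker so that the program can be run safely offline.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class SamlParserHardening {

    // Constructed sample: a SAML-shaped response carrying a DOCTYPE. A real attacker would
    // declare something more interesting than an internal entity; the marker only makes
    // entity expansion observable in the output.
    static final String RESPONSE_WITH_DOCTYPE =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE samlp:Response [ <!ENTITY marker \"entity-was-expanded\"> ]>\n"
        + "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
        + "&marker;</samlp:Response>";

    // Constructed sample: the same element without any DOCTYPE, i.e. what a legitimate
    // SAML response looks like. This must still parse under the hardened configuration.
    static final String RESPONSE_WITHOUT_DOCTYPE =
          "<?xml version=\"1.0\"?>\n"
        + "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
        + "plain-content</samlp:Response>";

    // Default JAXP configuration: DOCTYPE declarations are accepted and entities are
    // expanded. This is the state the bulletin describes (feature not enabled).
    static DocumentBuilder permissiveBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        return factory.newDocumentBuilder();
    }

    // Hardened configuration: refuse any DOCTYPE outright, then switch off the remaining
    // entity and DTD machinery in case a future change re-enables DOCTYPE handling.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory.newDocumentBuilder();
    }

    // Parses the document and reports either the text content of the root element or the
    // parser error that rejected the input.
    static String parseAndDescribe(DocumentBuilder builder, String xml) {
        try {
            Document doc = builder.parse(new InputSource(new StringReader(xml)));
            return "parsed, root text = \"" + doc.getDocumentElement().getTextContent() + "\"";
        } catch (SAXException e) {
            return "rejected: " + e.getMessage();
        } catch (IOException e) {
            return "I/O error: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws ParserConfigurationException {
        DocumentBuilder permissive = permissiveBuilder();
        DocumentBuilder hardened = hardenedBuilder();

        System.out.println("permissive, DOCTYPE : " + parseAndDescribe(permissive, RESPONSE_WITH_DOCTYPE));
        System.out.println("hardened,   DOCTYPE : " + parseAndDescribe(hardened, RESPONSE_WITH_DOCTYPE));
        System.out.println("hardened,   clean   : " + parseAndDescribe(hardened, RESPONSE_WITHOUT_DOCTYPE));
    }
}
```

Run with the JDK's built-in parser (no extra libraries needed): the permissive builder prints the expanded marker text, the hardened builder rejects the first document with a SAXParseException that names the disallow-doctype-decl feature, and the DOCTYPE-free document still parses. The useful check for a deployment is the middle line: if a DOCTYPE reaches the SAML code path without being rejected, the parser is configured as the bulletin describes. Note that only the parser configuration is shown here; the bulletin does not disclose how the malicious XML is turned into an authentication bypass, and no attack steps are reproduced.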