
Find real vulnerabilities before they ship
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Base Score
8.1| Base Score | 8.1 |
|---|---|
| Vector String | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Base Severity | High |
| Version | 3.0 |
| Attack Vector (AV) | NETWORK |