Description: | In the default configuration a phpCAS protected application allowed any other cas service with proxy authorization and valid user credentials to proxy any other phpCAS applications in the same SSO realm. This is a security flaw since individual applications should check whether another application is actually authorized to proxy for users in this particular application.
|