CVE Vulnerabilities

CVE-2014-3527

Improper Authentication

Published: May 25, 2017 | Modified: Jun 08, 2021
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
5.8 IMPORTANT
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Spring_security Vmware 3.1.0 (including) 3.1.0 (including)
Spring_security Vmware 3.1.1 (including) 3.1.1 (including)
Spring_security Vmware 3.1.2 (including) 3.1.2 (including)
Spring_security Vmware 3.1.3 (including) 3.1.3 (including)
Spring_security Vmware 3.1.4 (including) 3.1.4 (including)
Spring_security Vmware 3.2.0 (including) 3.2.0 (including)
Spring_security Vmware 3.2.1 (including) 3.2.1 (including)
Spring_security Vmware 3.2.2 (including) 3.2.2 (including)
Spring_security Vmware 3.2.3 (including) 3.2.3 (including)
Spring_security Vmware 3.2.4 (including) 3.2.4 (including)
Libspring-security-2.0-java Ubuntu precise *
Libspring-security-2.0-java Ubuntu trusty *
Libspring-security-2.0-java Ubuntu vivid *
Libspring-security-2.0-java Ubuntu wily *

Potential Mitigations

References