-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Shibboleth Identity Provider Security Advisory [16 May 2018]

Shibboleth IdP vulnerable to information disclosure via CAS protocol
====================================================================

The IdP's CAS protocol support uses a weak process for seeding the random
number generator used to generate ticket identifiers, which creates a risk
of issuing duplicate ticket identifiers in some cases.

The vulnerability exclusively affects the SimpleTicketService component that
was the default prior to version 3.3.0; only deployments using this component
are affected. Version 3.3.0 and later shipped with a new component,
EncodingTicketService, enabled by default. Deployers that upgraded from a 3.x
version to 3.3.0 or later and did NOT modify the CAS configuration are
affected, because default component preferences are not modified on minor
upgrades.

Duplicate tickets have been observed in situ under synthetic load, so we
expect that it is generally practical to exercise the vulnerability. In
general, where N tickets are issued with the same identifier, there is an
(N-1)/N chance that the ticket will be dereferenced into the principal of
the wrong user, leading to information disclosure and impersonation risk.

Recommendations
===============
Review the following configuration file to determine whether you are using
the affected component, SimpleTicketService: [1]

  conf/cas-protocol.xml

If so, take one of the following actions:

1. Upgrade to version 3.3.3 of the Shibboleth Identity Provider.
2. Switch from SimpleTicketService to EncodingTicketService. [1]

Please note that some CAS clients are not compatible with the identifiers
produced by EncodingTicketService, notably current versions of mod_auth_cas
(1.1) and phpCAS (1.3.5). It appears that the next version of phpCAS (1.3.6)
will be compatible. [2]

References
==========
[1] https://wiki.shibboleth.net/confluence/x/pgIUAQ
[2] https://github.com/apereo/phpCAS/issues/248

URL for this Security Advisory:
https://shibboleth.net/community/advisories/secadv_20180516.txt

Credits
=======
John Morton, Cal Poly
Marvin S Addison, Virginia Tech

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEeW1wyJu/jZWJJfLtJ37IagfO64sFAlr7im0ACgkQJ37IagfO
64s/zA/+LP4TY/vfj20i57qTFHkeI471Y76A6WqWUk012S/AbqbLonj48IZrYqHY
6mj+WEoJqgQ1JxY0WzUeGGN2iUzEU0wHM3teKErT47GSkCf3RDzgVcLfOOZqp/2+
KUgSDr1+PvJlwxzH/0WCTfny9IIO43tKbqpqUKJEXRt+JGKXzzx97UHBeXwKCz2N
s1aYL43ytQqxexhcTi/pqfbGRaVrv8GxR65rOvyNmOtGmGwrF5HPK1KtKncmk3Ee
quYJINAFdFnui1jRTsrqJdweQGt8C8dCGp8glKBKW3RHQ9gdYT1PQgpaNNksYlRH
DQ6M12htCYtSkhrOYHhfpPJ61/Crvkmspz2uB0qPTn9PNWxug2UJvLLwN4wEhsUJ
LbA/1oy99VtD5Zc97m+JkKTjZgtwdnEONG7z5c4/AFm4LfCRmxWi1RfODYDvXb50
KkoRFff108p015VhhO2//2QJBL0UICMWk6AU4GMb5hZXUyRzZ0d5YjV/4UWf5wsY
m8yknRZVZVBE/q7o3rHGtFYFvGZvGvTL1IGM5CHjxRJojjXVSdSPjHFRqkD0W4ja
l6aaBxI52RSDNe18BBjpSrRFvd+0CmiqedHW+0U1oPeFacsnABpIo6TWJ2heKSuv
pdXcxJPTZdhHeW712WMzKYuKm9A9ZGs4fXgqIh0314R1PhIH0aI=
=Lq/Y
-----END PGP SIGNATURE-----
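The following is an added, constructed illustration of the failure mode the advisory describes and of the configuration check it recommends; it is example code, not Shibboleth code, and does not reproduce how the IdP actually seeds its generator. It models a weakly seeded ticket generator with Python's `random.Random` seeded from a coarse clock value (an assumption), so that two generator instances started in the same tick emit the same identifiers, contrasts that with identifiers drawn from `os.urandom`, computes the advisory's (N-1)/N wrong-principal odds, and scans a `cas-protocol.xml`-style file for which ticket service it names. The `ST-` identifier format, the sample XML and the `example.` class prefix are constructed; the config check assumes the active component's name (`SimpleTicketService` or `EncodingTicketService`) appears literally in the file, which is why it ignores commented-out XML.

```python
"""Constructed illustration of the advisory's failure mode (not Shibboleth code):
a ticket generator seeded from a low-entropy value can hand out the same
identifier twice, while one drawn from the OS CSPRNG does not, plus the
(N-1)/N wrong-principal odds and a check of which ticket service a
cas-protocol.xml references."""
import os
import random
import re
from typing import Dict, List


def weak_ticket_ids(coarse_seed: int, count: int) -> List[str]:
    """Model of a weakly seeded generator (assumption: seeded from something like
    a coarse clock reading). Two generators that start in the same clock tick
    receive the same seed and therefore emit identical identifier sequences.
    The 'ST-<counter>-<hex>' format is constructed for this example."""
    rng = random.Random(coarse_seed)
    return ["ST-%d-%032x" % (i + 1, rng.getrandbits(128)) for i in range(count)]


def strong_ticket_ids(count: int) -> List[str]:
    """Same format, but each identifier's random part comes from os.urandom."""
    return ["ST-%d-%s" % (i + 1, os.urandom(16).hex()) for i in range(count)]


def duplicate_ids(ids: List[str]) -> Dict[str, int]:
    """Return every identifier that appears more than once, with its multiplicity."""
    seen: Dict[str, int] = {}
    for ticket in ids:
        seen[ticket] = seen.get(ticket, 0) + 1
    return {t: n for t, n in seen.items() if n > 1}


def wrong_principal_probability(n: int) -> float:
    """The advisory's figure: if one identifier is issued to N distinct users, a
    validation of it resolves to some other user's principal with chance (N-1)/N."""
    if n < 1:
        raise ValueError("n must be a positive ticket count")
    return (n - 1) / n


_XML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)


def ticket_service_in_use(config_text: str) -> str:
    """Report which ticket service component a conf/cas-protocol.xml references.
    Assumption: the active component is named literally in the file (a bean
    class or id containing 'SimpleTicketService' or 'EncodingTicketService').
    Commented-out XML is removed first so a disabled alternative does not mask
    the live one."""
    live = _XML_COMMENT.sub("", config_text)
    simple = "SimpleTicketService" in live
    encoding = "EncodingTicketService" in live
    if simple and encoding:
        return "ambiguous"             # both referenced; inspect by hand
    if simple:
        return "SimpleTicketService"   # the affected component, per the advisory
    if encoding:
        return "EncodingTicketService"
    return "unknown"


# Constructed sample, not a real conf/cas-protocol.xml; the 'example.' package
# prefix is a placeholder. The EncodingTicketService bean is commented out, the
# SimpleTicketService bean is live, so the check must report the latter.
SAMPLE_CAS_PROTOCOL_XML = """<?xml version="1.0" encoding="UTF-8"?>
<beans>
  <!-- <bean id="ticketService" class="example.EncodingTicketService"/> -->
  <bean id="ticketService" class="example.SimpleTicketService"/>
</beans>
"""


if __name__ == "__main__":
    same_tick = 1526544000   # constructed: two instances seeded in the same second
    issued = weak_ticket_ids(same_tick, 3) + weak_ticket_ids(same_tick, 3)
    print("weak seeding duplicates:", len(duplicate_ids(issued)))                  # 3
    print("os.urandom duplicates:", len(duplicate_ids(strong_ticket_ids(10000))))  # 0
    print("P(wrong principal | N=2):", wrong_principal_probability(2))             # 0.5
    print("component in sample config:", ticket_service_in_use(SAMPLE_CAS_PROTOCOL_XML))
```

Run against a real `conf/cas-protocol.xml`, `ticket_service_in_use` returns `SimpleTicketService` for an affected deployment and `EncodingTicketService` for one already on the newer component; an `ambiguous` or `unknown` result means the file does not fit the literal-name assumption and should be read by hand.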