I have deployed a web application that uses CAS 3.5.2 for single sign-on. The web application uses the Spring Security CAS authentication facility. Recently an internal audit found that it is possible to spoof the application because of unvalidated URL redirects during login and logout. How can I mitigate this issue?
I've found a similar issue here, for example: https://www.liferay.com/community/security-team/known-vulnerabilities/-/asset_publisher/T8Ei/content/id/40694045 (see LPS-47482).

Regards,
Cesare

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
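One defensive building block for the mitigation asked about above, as an added example that is not code from the original post, from CAS, or from Spring Security: before issuing any redirect (the login `service` parameter or a post-logout target), compare the target against an exact-origin allow-list of registered services rather than a prefix match. The class name and the registered origins are constructed sample values.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Allow-list check for a redirect target. Added example, not CAS or
 * Spring Security code; the registered origins are constructed samples.
 */
public final class RedirectTargetValidator {

    // Registered service origins: lower-case scheme + host (+ explicit port).
    private static final Set<String> REGISTERED_ORIGINS = new HashSet<String>(Arrays.asList(
            "https://app.example.com",
            "https://portal.example.com:8443"));

    public static boolean isAllowed(String candidate) {
        if (candidate == null || candidate.isEmpty()) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            return false; // unparsable input is rejected, never redirected "best effort"
        }
        // Reject relative and scheme-relative ("//host/...") URLs and non-HTTPS schemes.
        if (!uri.isAbsolute() || uri.getHost() == null
                || !"https".equalsIgnoreCase(uri.getScheme())) {
            return false;
        }
        // Reject URLs carrying user-info, which can disguise the real host.
        if (uri.getRawUserInfo() != null) {
            return false;
        }
        String origin = uri.getScheme().toLowerCase() + "://" + uri.getHost().toLowerCase()
                + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
        // Exact origin match: a startsWith() check would accept a host that merely
        // begins with the registered name (e.g. app.example.com.other-domain).
        return REGISTERED_ORIGINS.contains(origin);
    }

    /** Returns the candidate if allowed, otherwise a fixed safe landing page. */
    public static String sanitize(String candidate, String fallback) {
        return isAllowed(candidate) ? candidate : fallback;
    }
}
```

Wire `sanitize(...)` in front of every place the application or its CAS client builds a redirect from request input, so an unknown target always lands on the fixed fallback page.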
