
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN195
_____________________________________________________________________

DATE                : 22/05/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Shibboleth Identity Provider
                     versions prior to 3.3.3.

=====================================================================
https://shibboleth.net/community/advisories/secadv_20180516.txt
_____________________________________________________________________


Shibboleth Identity Provider Security Advisory [16 May 2018]

Shibboleth IdP vulnerable to information disclosure via CAS protocol
====================================================================
The CAS protocol uses a weak process for seeding the random number
generator used to generate ticket identifiers, which creates a risk of
issuing duplicate ticket identifiers in some cases. The vulnerability
exclusively affects the SimpleTicketService component that was the
default prior to version 3.3.0; only deployments using this component
are affected. Version 3.3.0 and later shipped with a new component,
EncodingTicketService, enabled by default. Deployers that upgraded from
a 3.x version to 3.3.0 or later and did NOT modify CAS configuration
are affected because default component preferences are not modified on
minor upgrades.

Duplicate tickets have been observed in situ under synthetic load, so we
expect that it is generally practical to exercise the vulnerability. In
general, where N tickets are issued with the same identifier, there is a
(N-1)/N chance that the ticket will be dereferenced into the principal
of the wrong user, leading to information disclosure and impersonation
risk.
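The following toy model is an added illustration, not Shibboleth code: the advisory does not describe how SimpleTicketService seeds its generator, so the weak seed used here (the node's start time in whole seconds) is an assumption chosen only to make the failure visible. Several IdP nodes issue tickets into one shared store; with correlated seeds their identifier sequences collide, later issuances overwrite earlier ones, and validation returns the wrong principal at exactly the (N-1)/N rate the advisory quotes. The CSPRNG-backed generator beside it shows the fix.

```python
import random
import secrets
import time

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


class WeakTicketGenerator:
    """Seeds a PRNG from a low-entropy value.

    Constructed assumption for illustration: the seed is the start time in
    whole seconds. Two IdP nodes started within the same second then emit
    the same sequence of ticket identifiers.
    """

    def __init__(self, start_time=None):
        seed = int(start_time if start_time is not None else time.time())
        self._rng = random.Random(seed)

    def next_ticket(self):
        return "ST-" + "".join(self._rng.choices(ALPHABET, k=20))


class StrongTicketGenerator:
    """Draws identifiers from the OS CSPRNG: no shared seed, so the output of
    independent nodes is not correlated."""

    def next_ticket(self):
        return "ST-" + secrets.token_urlsafe(24)


class TicketStore:
    """Maps ticket id -> principal. Issuing an id that already exists silently
    overwrites the earlier entry; that is how a ticket later dereferences
    to the wrong user."""

    def __init__(self):
        self._tickets = {}
        self.overwrites = 0

    def issue(self, ticket_id, principal):
        if ticket_id in self._tickets:
            self.overwrites += 1
        self._tickets[ticket_id] = principal

    def validate(self, ticket_id):
        return self._tickets.get(ticket_id)


def simulate(generator_factory, n_nodes=3, tickets_per_node=50):
    """Run n_nodes IdP nodes against one shared ticket store, each issuing
    tickets for its own users. Returns (total_tickets, overwrites,
    wrong_principal_validations)."""
    store = TicketStore()
    issued = []  # (ticket id, principal the ticket was issued to)
    for node in range(n_nodes):
        gen = generator_factory()
        for i in range(tickets_per_node):
            principal = f"user{node}-{i}"
            tid = gen.next_ticket()
            store.issue(tid, principal)
            issued.append((tid, principal))
    wrong = sum(1 for tid, principal in issued if store.validate(tid) != principal)
    return len(issued), store.overwrites, wrong


def weak_run(n_nodes=3, tickets_per_node=50):
    # Constructed fixed start second: every node gets the same seed, as if
    # all were (re)started together.
    start = 1_526_428_800
    return simulate(lambda: WeakTicketGenerator(start), n_nodes, tickets_per_node)


def strong_run(n_nodes=3, tickets_per_node=50):
    return simulate(StrongTicketGenerator, n_nodes, tickets_per_node)


def expected_wrong_fraction(n):
    """Advisory's estimate: when N tickets share one identifier, (N-1)/N of
    them resolve to the wrong principal."""
    return (n - 1) / n


if __name__ == "__main__":
    total, dup, wrong = weak_run()
    print(f"weak seed: {dup} overwrites, {wrong}/{total} validations return the "
          f"wrong user (expected fraction {expected_wrong_fraction(3):.3f})")
    total, dup, wrong = strong_run()
    print(f"CSPRNG:    {dup} overwrites, {wrong}/{total} wrong")
```

With three nodes sharing a seed, every identifier is issued three times and only the last issuance survives in the store, so two of every three validations (the advisory's (N-1)/N with N=3) hand back another user's principal. The same run with `secrets` produces no collision at all, which is the property a ticket identifier generator has to provide.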

Recommendations
===============
Review the following configuration file to determine whether you are
using the affected component, SimpleTicketService: [1]

conf/cas-protocol.xml

If true, take one of the following actions:

1. Upgrade to version 3.3.3 of the Shibboleth Identity Provider.
2. Switch from SimpleTicketService to EncodingTicketService. [1]

Please note that some CAS clients are not compatible with the
identifiers produced by EncodingTicketService, notably current versions
of mod_auth_cas (1.1) and phpCAS (1.3.5). It appears that the next
version of phpCAS (1.3.6) will be compatible. [2]
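The review step above can be scripted. The check below is an added example and not Shibboleth's own tooling: it parses a Spring beans file such as conf/cas-protocol.xml and reports every `<bean>` whose `class` attribute names SimpleTicketService (the affected component) or EncodingTicketService. The embedded sample configurations are constructed; the bean id and the `example.placeholder` package in them are placeholders, not the IdP's real identifiers.

```python
import sys
import xml.etree.ElementTree as ET

AFFECTED = "SimpleTicketService"
REPLACEMENT = "EncodingTicketService"

# Constructed sample configurations. The bean id and the "example.placeholder"
# package are placeholders, not the IdP's real bean ids or class names.
SAMPLE_AFFECTED = """<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="ticketService" class="example.placeholder.SimpleTicketService">
    <constructor-arg ref="ticketStorage"/>
  </bean>
</beans>
"""

SAMPLE_FIXED = SAMPLE_AFFECTED.replace(AFFECTED, REPLACEMENT)


def _is_bean(tag):
    # Accept both the namespaced form Spring files normally use and a bare tag.
    return tag == "bean" or tag.endswith("}bean")


def find_ticket_services(xml_text):
    """Return [(bean id, simple class name)] for every <bean> whose class
    attribute names one of the two CAS ticket service components. iter()
    walks the whole tree, so nested beans are covered; the parser drops XML
    comments, so a commented-out bean is not reported."""
    root = ET.fromstring(xml_text)
    hits = []
    for bean in root.iter():
        if not _is_bean(bean.tag):
            continue
        simple = bean.get("class", "").rsplit(".", 1)[-1]
        if simple in (AFFECTED, REPLACEMENT):
            hits.append((bean.get("id"), simple))
    return hits


def is_affected(xml_text):
    """True if SimpleTicketService is configured anywhere in the file."""
    return any(simple == AFFECTED for _, simple in find_ticket_services(xml_text))


def check_file(path):
    with open(path, encoding="utf-8") as fh:
        return is_affected(fh.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        path = sys.argv[1]
        verdict = "AFFECTED" if check_file(path) else "not using SimpleTicketService"
        print(f"{path}: {verdict}")
    else:
        for name, text in (("affected sample", SAMPLE_AFFECTED),
                           ("fixed sample", SAMPLE_FIXED)):
            state = "affected" if is_affected(text) else "ok"
            print(f"{name}: {find_ticket_services(text)} -> {state}")
```

Run it as `python check_cas.py /opt/shibboleth-idp/conf/cas-protocol.xml` (path assumed) or with no argument to exercise the samples. A hit means the file still needs to be read by hand before switching components, and a ticket service wired through an alias or a reference without a `class` attribute will not be seen by this check.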

References
==========
[1] https://wiki.shibboleth.net/confluence/x/pgIUAQ
[2] https://github.com/apereo/phpCAS/issues/248

URL for this Security Advisory:
https://shibboleth.net/community/advisories/secadv_20180516.txt

Credits
=======
John Morton, Cal Poly
Marvin S Addison, Virginia Tech

===============================================================
+ CERT-RENATER               | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel         | fax : 01-53-94-20-41           +
+ 75013 Paris                | email: cert@support.renater.fr +
===============================================================


