CAS 5.2.4 Login Page XSS


Francisco Laria Saldaña

Jul 31, 2019, 9:04:34 PM
to CAS Community
Hi,

We've got an installation of CAS 5.2.4, where we ran some security tests and noticed that the login page is allowing XSS. Does anyone know of settings or changes that can be made to the login module that can help us prevent this vulnerability?

Thanks,
Frank

Andy Ng

Aug 1, 2019, 5:58:16 AM
to CAS Community
Hi Frank,


cas.httpWebRequest.header.xss=true


- Andy

Francisco Laria Saldaña

Aug 1, 2019, 9:03:46 PM
to CAS Community
Thanks, Andy. We'll try that and will let you know if it worked so others can use this answer as well.