Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Phishing Exploit Possible Since RubyCAS Server Lacks Service Whitelist #183

Open
adaburrows opened this issue Jul 11, 2013 · 1 comment
Open

Phishing Exploit Possible Since RubyCAS Server Lacks Service Whitelist #183

adaburrows opened this issue Jul 11, 2013 · 1 comment
Milestone
rubycas 2.0

Comments

@adaburrows
Copy link

It is possible to construct a malicious link to the login page containing a service URL which redirects the user to a phishing form which looks just like the login form. If the user is unaware of the URL, they might give their credentials away thinking their session just timed out.
@mitfik
Copy link
Contributor

mitfik commented Aug 11, 2013

Yes, this feature will be a part of the rubycas2.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
rubycas 2.0
Development

No branches or pull requests
2 participants
@adaburrows @mitfik