Submitted by admin on

WHAT'S HAPPENING?
A critical Drupal vulnerability has been announced that allows CAS-authenticated sessions to be re-initialized even though the single-use ticket has been deleted.


WHO IS AFFECTED?
Users managing a non-TSO-managed Drupal system running one of the affected CAS Server module versions listed below. This includes those managing Drupal instances on OIT WebHosting.

Affected versions:
CAS Server 6.x-2.x versions prior to 6.x-3.3.
CAS Server 7.x-2.x versions prior to 7.x-1.3.


WHAT DO YOU NEED TO DO?
Affected users should upgrade to the latest CAS Server module as soon as possible. See http://drupal.org/node/2231663 for further information.


WHO SHOULD YOU CONTACT FOR QUESTIONS?
TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc.gatech.edu).