ServerName Property
Andrew Petro
apetro at unicon.net
Tue Sep 4 16:02:28 EDT 2007
Dom,
Correct. A compromised service can illicitly proxy service tickets
intended for its validation to access other services. This doesn't
(necessarily) amount to compromising those other services to the extent
the original service is compromised, but it does leak privileged
information from other systems to the compromised application.
Andrew
> Andrew,
>
> Please excuse my lack of understand here.
>
> So without a self aware client (property based server host) one compromised
> service can exploit all services by forging the host name in the header. Correct?
>
> Regards,
>
> Dom
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
More information about the cas
mailing list