I've found that the following link shows up all the configuration in cas.properties including LDAP passwords, and encryption keys.
https://localhost:8443/cas/configserver/cas/native We are in a deep trouble now, as we have some cas services exposed over the Internet [meaning encryption keys and LDAP credentials are exposed]. How to disable the config server, and secure CAS. Looks like its needs lot of hardening. Thanks -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACNfiMKufDYFBjCRZbjgxmvbsgBDLHG5GUK9C6BXTzcaBtJ1Vw%40mail.gmail.com.
