Dom, Correct. A compromised service can illicitly proxy service tickets intended for its validation to access other services. This doesn't (necessarily) amount to compromising those other services to the extent the original service is compromised, but it does leak privileged information from other systems to the compromised application.
Andrew > Andrew, > > Please excuse my lack of understand here. > > So without a self aware client (property based server host) one compromised > service can exploit all services by forging the host name in the header. > Correct? > > Regards, > > Dom > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
