WHAT'S HAPPENING?
A critical vulnerability in the Drupal CAS Server module has been announced. It allows CAS-authenticated sessions to be re-initialized even though the single-use ticket has been deleted.
WHO IS AFFECTED?
Users managing a non-TSO-managed Drupal system running one of the affected CAS Server module versions below. This would include those managing Drupal instances on OIT WebHosting.
Affected versions:
CAS Server 6.x-2.x versions prior to 6.x-3.3.
CAS Server 7.x-2.x versions prior to 7.x-1.3.
WHAT DO YOU NEED TO DO?
Affected users should upgrade to the latest version of the CAS Server module as soon as possible. See http://drupal.org/node/2231663 for further information.
WHO SHOULD YOU CONTACT FOR QUESTIONS?
TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc.gatech.edu).