phpCAS < 1.3.2 - Man-in-the-Middle Attack via Unverified X.509 Certificate
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Jasig phpCAS 1.3.4 - Authentication Bypass via validateCAS20 Function
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.