exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA Client Automation OS Installation Management Insecure Storage

CA Client Automation OS Installation Management Insecure Storage
Posted May 7, 2017
Authored by Kevin Kotas | Site www3.ca.com

A vulnerability exists due to insecure storage of account credentials used by OS Installation Management during operating system installation. A local attacker can potentially access a sensitive file containing account credentials and decrypt a password. Depending on the privileges associated with the credentials, an attacker can potentially gain further access. This vulnerability only affects operating system installations created by CA Client Automation with OS Installation Management. Versions affected include CA Client Automation r14.0, r14.0 SP1 and CA Client Automation r12.9.

tags | advisory, local
advisories | CVE-2017-8391
SHA-256 | 379b013c4b3c51375804f709509f608366ef08dc24ca477e7fb8e4d863cfd0cd

CA Client Automation OS Installation Management Insecure Storage

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20170504-01: Security Notice for CA Client Automation OS
Installation Management

Issued: May 4, 2017
Last Updated: May 4, 2017

CA Technologies is alerting customers to a potential risk with CA
Client Automation OS Installation Management. A vulnerability exists
that can allow a local attacker to gain sensitive information on
operating systems installations created by CA Client Automation OS
Installation Management. A solution is available.

The vulnerability, CVE-2017-8391, occurs due to insecure storage of
account credentials used by OS Installation Management during
operating system installation. A local attacker can potentially
access a sensitive file containing account credentials and decrypt
a password. Depending on the privileges associated with the
credentials, an attacker can potentially gain further access. This
vulnerability only affects operating system installations created by
CA Client Automation with OS Installation Management.

Risk Rating

High

Platform(s)

Windows, Linux

Affected Products

Only CA Client Automation releases implementing OS Installation
Management are vulnerable.

CA Client Automation r14.0, r14.0 SP1
CA Client Automation r12.9

CA Client Automation (formerly CA IT Client Manager) Release and
Support Lifecycle Dates

How to determine if the installation is affected

Customers may review the technical document in the solution section
to determine if any operating system installation created by CA
Client Automation OS Installation Management is affected.

Solution

CA Technologies published the following solution to address the
vulnerability.

CA Client Automation, all releases:

Follow the instructions in TEC1911981

References

CVE-2017-8391 - Client Automation OS Installation Management
insecure password storage

Acknowledgement

CVE-2017-8391 - Christoph Falta

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2017 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8

wsFVAwUBWQyL5MMr2sgsME5lAQraoxAAnuqXSlrCUIZrmwY1+JdqmclxgSEn7OJi
StmIM2ujSaZhNcrk9uAbXEmdsIiuOPKYsqPjDZLqLjv//EO8KTmgfvuclwITtUax
ik8Bio4+w1HEIuqVaaO+RTP00y+NzsyVrDX5wilW2xLXYgC3yfqOUevFIvCWG8vW
DVlQAkSt1PSEPfc4JBt3kYK20QJ1ZpASfxss4FGxc4emtpT34bPZKn3hh9MYa9A5
Qmejo0cWHqic6g3Xu/4t23yuE19YzrMyhCIC796Ak4TIv8r+aQZXkUTWxkSUV6Cs
eBsnqv/Fut5oOMYQBZmhDE5aLNEGyT+Xy4SinNOcBeCQt2I3Ym2N4XjfXsmux+JF
zVIeN6fbz7g7Xnih8NQMHW/pdNv3tzesI2vVJDrzSp7s563H0B8hbMu2hHHeALZQ
AoDqf9+cugBtt3GSyhshb2NDw0zYHPpVRkTrkU5QCq3LC+Kl4lpclfmoc+C5mXd/
vX94Z22Nr57KBSqNs4xaefHRgvxirwkK/t7ersuoPbDXBra3v89QYb9//IkIc4vz
cVoXJin7yLCf3TIAQE17P0mAUTGKxfZWZwR54vbeZzSp4eh1EMtuxeyr+v5MDwuP
YeTcr9wSFOux99bufHDfpp7h8eqFAelkx/SskCOQ8503sChss6yUOEaP+80yDau2
42isb+fV/dc=
=kkkx
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close