CA Single Sign-On Software Update: Stay Secure


One of our researchers—Mike Brooks, also known as rook—found two high-risk vulnerabilities in the CA Single Sign-On (formerly CA SiteMinder®) application, created by CA Technologies.

These vulnerabilities could allow an attacker to remotely cause a denial of service (DoS) and to access sensitive user information. No further details will be provided at this time.

Disclosure – the Responsible Way

We disclosed the vulnerabilities to CA Technologies, and they worked with us to remediate these issues. CA Technologies successfully developed a defense-in-depth patch that fully addressed the Single Sign-On bugs.

If your business uses CA Single Sign-On, you can find more information about that patch here.

We commend CA Technologies for springing to action on behalf of their clients and for being committed partners with us in the responsible disclosure process.

The Importance of Patches

Regular patching and updating are necessities in today’s vulnerable world. New bugs are discovered daily, and yesterday’s security can easily fade into tomorrow’s uncertainty. This situation serves as a much-needed reminder of the importance of timely patching.

Check for software updates often and install them as soon as possible. Even though they may come across as inconvenient or appear redundant, patches and updates are essential for maintaining a strong security posture and, by association, peace of mind.

Special thanks to CA Technologies for working together with us.


About the author, Bishop Fox

This represents research and content from the Bishop Fox team.
