
One of our researchers—Mike Brooks, also known as rook—found two high-risk vulnerabilities in the CA Single Sign-On (formerly CA SiteMinder®) application, created by CA Technologies.
The implications of these vulnerabilities include the ability for an attacker to remotely cause a denial of service (DoS) and to access sensitive user information. No further details will be provided at this time.
Disclosure – the Responsible Way
We disclosed the vulnerabilities to CA Technologies, and they worked with us to remediate these issues. CA Technologies successfully developed a defense-in-depth patch that fully addressed the Single Sign-On bugs.
If your business uses CA Single Sign-On, you can find more information about that patch here.
We commend CA Technologies for springing to action on behalf of their clients and for being committed partners with us in the responsible disclosure process.
The Importance of Patches
Regular patching and updating are necessities in today’s vulnerable world. New bugs are discovered daily, and yesterday’s security can easily fade into tomorrow’s uncertainty. This situation serves as a much-needed reminder of the importance of timely patching.
Check for software updates often and install them as soon as possible. Even though they may come across as inconvenient or appear redundant, patches and updates are essential for maintaining a strong security posture and, by association, peace of mind.
Special thanks to CA Technologies for working together with us.