One of our researchers—Mike Brooks, also known as rook—found two high-risk vulnerabilities in the CA Single Sign-On (formerly CA SiteMinder®) application, created by CA Technologies.
An attacker could exploit these vulnerabilities remotely to cause a denial of service (DoS) or to gain access to sensitive user information. No further details will be provided at this time.
Disclosure – the Responsible Way
We disclosed the vulnerabilities to CA Technologies, and they worked with us to remediate this issue. CA Technologies successfully developed a defense-in-depth patch that fully addressed the Single Sign-On bugs.
If your business uses CA Single Sign-On, you can find more information about that patch here.
We commend CA Technologies for springing to action on behalf of their clients and for being committed partners with us in the responsible disclosure process.
The Importance of Patches
Regular patching and updating are necessities in today’s vulnerable world. New bugs are discovered daily, and yesterday’s security can easily fade into tomorrow’s uncertainty. This situation serves as a much-needed reminder of the importance of timely patching.
Check for software updates often and install them as soon as possible. Even though they may come across as inconvenient or appear redundant, patches and updates are essential for maintaining a strong security posture and, by association, peace of mind.
Special thanks to CA Technologies for working together with us.