One of our researchers—Mike Brooks, also known as rook—found two high-risk vulnerabilities in the CA Single Sign-On (formerly CA SiteMinder®) application, created by CA Technologies.
These vulnerabilities could allow an attacker to remotely cause a denial of service (DoS) and to access sensitive user information. No further details will be provided at this time.
Disclosure – the Responsible Way
We disclosed the vulnerabilities to CA Technologies, and they worked with us to remediate these issues. CA Technologies successfully developed a defense-in-depth patch that fully addressed the Single Sign-On bugs.
If your business uses CA Single Sign-On, you can find more information about that patch here.
We commend CA Technologies for springing to action on behalf of their clients and for being committed partners with us in the responsible disclosure process.
The Importance of Patches
Regular patching and updating are necessities in today’s vulnerable world. New bugs are discovered daily, and yesterday’s security can easily fade into tomorrow’s uncertainty. This situation serves as a much-needed reminder of the importance of timely patching.
Check for software updates often and install them as soon as possible. Even though they may come across as inconvenient or appear redundant, patches and updates are essential for maintaining a strong security posture and, by association, peace of mind.
Special thanks to CA Technologies for working together with us.