CA Identity Governance Username Enumeration

Posted Oct 19, 2018
Authored by Kevin Kotas, Jake Miller | Site www3.ca.com

CA Technologies Support is alerting customers to a low risk issue with CA Identity Governance. In a certain product configuration, an attacker can gain sensitive information. CA published solutions to address the vulnerability. The vulnerability occurs due to how CA Identity Governance responds to login requests. An attacker may exploit the vulnerability to enumerate account names. Affected products include CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 and CA Identity Governance 12.6, 14.0, 14.1, and 14.2.

tags | advisory
advisories | CVE-2018-14597
SHA-256 | 77fb382be97c445901464a21707cba72f39427d270744ebfe38f59cd2119ab24

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20181017-01: Security Notice for CA Identity Governance

Issued: October 17, 2018
Last Updated: October 17, 2018

CA Technologies Support is alerting customers to a low risk issue
with CA Identity Governance. In a certain product configuration, an
attacker can gain sensitive information. CA published solutions to
address the vulnerability.

The vulnerability, CVE-2018-14597, occurs due to how CA Identity
Governance responds to login requests. An attacker may exploit the
vulnerability to enumerate account names.

Risk Rating

Low

Platform(s)

All supported platforms

Affected Products

CA Identity Suite Virtual Appliance 14.0
CA Identity Suite Virtual Appliance 14.1
CA Identity Suite Virtual Appliance 14.2

CA Identity Governance 12.6
CA Identity Governance 14.0
CA Identity Governance 14.1
CA Identity Governance 14.2

How to determine if the installation is affected

Customers may verify the cumulative fix level of CA Identity Suite
Virtual Appliance 14.1 and CA Identity Governance 14.1 as indicated
in the Solution section.

For the remaining product releases, CA customers should apply the
fixes from the Solution section and keep a log for future validation.

Solution

CA Technologies published the following solutions to address the
vulnerability.

CA Identity Suite Virtual Appliance 14.0:
SS05684

CA Identity Suite Virtual Appliance 14.1:
Update to CP-IGV-140100-0002 or later

CA Identity Suite Virtual Appliance 14.2:
SS05686

CA Identity Governance 14.2:
SS05315

CA Identity Governance 14.1:
Update to CP-IG-140100-0003 or later

CA Identity Governance 14.0:
SS05312

CA Identity Governance 12.6:
SS05311

References

CVE-2018-14597 - Identity Governance username enumeration

Acknowledgement

CVE-2018-14597 - Jake Miller

Change History

Version 1.0: 2018-10-17 - Initial Release

Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response

Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8

-----END PGP SIGNATURE-----
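
The notice attributes CVE-2018-14597 to how the product responds to login requests but does not say how the responses differ. The following Python example is added here for illustration (it is not CA code and not part of the advisory) and assumes the difference is in the status code and error text; the user store and the names `login_leaky`, `login_uniform` and `leaks_account_existence` are hypothetical.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Iteration count kept small so the demo runs quickly; use a tuned value in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_store(accounts):
    store = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(pw, salt))
    return store

# Constructed sample accounts, not taken from the advisory.
USERS = make_store({"alice": "correct horse", "bob": "battery staple"})
# Dummy credential so unknown accounts cost the same hashing work as real ones.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = _hash("placeholder", DUMMY_SALT)

def login_leaky(user, password):
    """Flawed handler: the failure response reveals whether the account exists."""
    if user not in USERS:
        return 404, "Unknown user"
    salt, stored = USERS[user]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, "Wrong password"
    return 200, "Welcome"

def login_uniform(user, password):
    """Hardened handler: one failure response and one code path for every failure."""
    salt, stored = USERS.get(user, (DUMMY_SALT, DUMMY_HASH))
    # The hash comparison always runs; the membership test only gates the result.
    ok = hmac.compare_digest(_hash(password, salt), stored) and user in USERS
    if not ok:
        return 401, "Invalid username or password"
    return 200, "Welcome"

def leaks_account_existence(login, known_user, absent_user):
    """Regression check: do failed logins differ between a real and a missing account?"""
    wrong = "not-the-password"
    return login(known_user, wrong) != login(absent_user, wrong)

if __name__ == "__main__":
    print("leaky handler leaks:  ", leaks_account_existence(login_leaky, "alice", "mallory"))
    print("uniform handler leaks:", leaks_account_existence(login_uniform, "alice", "mallory"))
```

The same comparison can be kept as a regression test for any login endpoint an operator maintains, alongside rate limiting and monitoring of failed logins.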

