Is PAM affected by CVE-2018-1312?


Article ID: 140836


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Please let us know if CVE-2018-1312 impacts PAM versions 3.2 or 3.3.

CVE-2018-1312:

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

Cause

N/A

Environment

Release: 3.2 or 3.3

Component: PRIVILEGED ACCESS MANAGEMENT

Resolution

PAM is NOT vulnerable to CVE-2018-1312 because it does not rely on HTTP Digest Authentication from the Apache web server.
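
The two conditions in the CVE description (httpd 2.2.0 to 2.4.29 and Digest authentication in use) can be checked together on any other Apache host. The following is an added example, not code from the vendor; the function names and the sample configurations are constructed for illustration.

```python
import re

# Affected range as stated in the CVE description: httpd 2.2.0 to 2.4.29.
AFFECTED_MIN = (2, 2, 0)
AFFECTED_MAX = (2, 4, 29)

# Constructed sample configurations (not taken from any real product).
SAMPLE_DIGEST = """\
<Location "/private">
    authtype \\
        Digest
    AuthName "private area"
    Require valid-user
</Location>
"""
SAMPLE_BASIC = """\
<Location "/private">
    # AuthType Digest
    AuthType Basic
    Require valid-user
</Location>
"""

def parse_version(banner):
    """Extract (major, minor, patch) from e.g. 'Server version: Apache/2.4.29 (Unix)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version found in {banner!r}")
    return tuple(int(x) for x in m.groups())

def uses_digest_auth(config_text):
    """True if an active (uncommented) 'AuthType Digest' directive is present."""
    # httpd joins lines ending in a backslash; directive names are case-insensitive.
    joined = re.sub(r"\\\r?\n", " ", config_text)
    for line in joined.splitlines():
        parts = line.strip().split()
        if (len(parts) >= 2 and parts[0].lower() == "authtype"
                and parts[1].strip('"').lower() == "digest"):
            return True
    return False

def exposed(banner, config_text):
    """Both conditions from the CVE description must hold."""
    in_range = AFFECTED_MIN <= parse_version(banner) <= AFFECTED_MAX
    return in_range and uses_digest_auth(config_text)

if __name__ == "__main__":
    print(exposed("Server version: Apache/2.4.29 (Unix)", SAMPLE_DIGEST))
```

A version inside the range is only an indicator: distribution packages may carry a backported fix under an older version string, so confirm against the package changelog.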