Impact of the RSA Authentication Bypass Vulnerability on SSO (formerly CA SiteMinder)

Article ID: 17054

Products

CA Single Sign On Secure Proxy Server (SiteMinder)

AXIOMATICS POLICY SERVER

CA Single Sign On SOA Security Manager (SiteMinder)

CA Single Sign-On

Issue/Introduction

Two vulnerabilities were recently disclosed: the RSA Authentication Agent SDK for C Error Handling Vulnerability and the RSA Authentication Agent for Web for Apache Web Server Authentication Bypass Vulnerability.

We're running Policy Server 12.7 and we'd like to know if Policy Server is impacted by the RSA Authentication Bypass Vulnerability?

CVE Identifiers:

CVE-2017-14377

CVE-2017-14378

These vulnerabilities affect:

RSA Authentication Agent API 8.5 for C

RSA Authentication Agent SDK 8.6 for C

 

Environment

Policy Server 12.7

Resolution

According to the Support Matrix, Policy Server supports only RSA Authentication Manager 8.0 and 8.1, and runs the same versions of the RSA Authentication Agent API and SDK for C. The Policy Server is therefore not affected by these vulnerabilities.

PRODUCT SUPPORT MATRIX CA Single Sign-On 12.7

Third-Party Product Compatibility

https://support.ca.com/phpdocs/7/5262/5262-12-7-platform-support-matrix.pdf

 

RSA Authentication Manager: 8.1, 8.0

At the time of Policy Server development on Red Hat 7, 64 bit, RSA did not offer SDK support for this platform, so RSA Authentication Manager is not yet supported on the Policy Server running on Red Hat 7.

Additional Information

http://seclists.org/fulldisclosure/2017/Nov/48

 

http://seclists.org/fulldisclosure/2017/Nov/46