[QI-3645][SG][CA PAM][MAS] RE: CA PAM

[QI-3645][SG][CA PAM][MAS] RE: CA PAM - MySQL Vulnerability

Article Id: 195924

Status: Published

Updated On: 20-08-2020 10:01

Products:

CA Privileged Access Manager (PAM) , CA Privileged Access Manager - Cloakware Password Authority (PA) , PAM SAFENET LUNA HSM , CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction:

Customer routine VAST scan flagged out that CA PAM is vulnerable to MySQL Anonymous Login Handshake Remote Information Disclosure which uses TCP 6032.

The resolution given was to upgrade to MySQL 4.0.27 / 4.1.19 / 5.0.21 / 5.1.10 or later. This cannot be done as an appliance is a hardened appliance and the customer doesn’t have access to modify any part of the application.

Cause:

This is not a Vulnerability, MySQL uses port 3306 by default. This port should not be accessible from untrusted hosts.

Environment:

Release : 3.2.x, 3.3.0 and 3.3.1

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution:

The defect DE435560 has been addressed in PAM 3.3.2 and higher