Security Audit: Agent Temp directory Accessible to All Users - Folder/File Permission: Authenticated Users in Windows Server

Article ID: 366955

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

A security audit performed on Agents deployed on Windows and Unix revealed the following security gaps.

1. All users have read access to the secret keys and passwords listed in the attached report (TLS and transfer keys in the ./security folder and ./trustedCert folder).

2. All users have write access to the Temp folder listed in the attached report.
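
The two findings can be checked on a Linux/UNIX agent host with a script like the one below. This is an added example, not Broadcom's code: the agent base path passed as the first argument and the lowercase `temp` directory name are assumptions, while `security` and `trustedCert` are the folder names given above. It inspects mode bits only and does not cover the Windows ACL side of the finding.

```shell
#!/bin/sh
# Added example: audit an agent directory for the two findings above.
# Assumptions: $1 is the agent base directory, the temp folder is
# named "temp". Only mode bits are checked; POSIX ACLs are not read.

# Print every entry under the key folders that "other" can read.
world_readable_keys() {
    agent_home=$1
    for d in security trustedCert; do
        [ -d "$agent_home/$d" ] || continue
        # Symlinks always show mode 777, so they are skipped.
        find "$agent_home/$d" ! -type l -perm -0004 -print
    done
}

# Print the temp folder and any entry inside it that "other" can write.
# A sticky bit restricts deletion, not creation, so it is still listed.
world_writable_temp() {
    agent_home=$1
    temp_name=${2:-temp}
    [ -d "$agent_home/$temp_name" ] || return 0
    find "$agent_home/$temp_name" ! -type l -perm -0002 -print
}

# Return 0 when neither finding is present, 1 otherwise.
audit_agent() {
    keys=$(world_readable_keys "$1")
    tmp=$(world_writable_temp "$1" "${2:-temp}")
    [ -n "$keys" ] && printf 'world-readable key material:\n%s\n' "$keys"
    [ -n "$tmp" ] && printf 'world-writable temp entries:\n%s\n' "$tmp"
    [ -z "$keys" ] && [ -z "$tmp" ]
}
```

Call `audit_agent /path/to/agent` for each installed agent; a non-zero exit status means at least one of the two conditions was found.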

 

Environment

System agents of One Automation on Windows and Linux/UNIX in version 21.

Cause

These points are currently considered potential vulnerabilities and will be reviewed/improved.

Resolution

R&D is currently reviewing these points and will decide on their next action. A Story ticket has been opened for these two topics.

Additional Information

Related JIRA and Rally Tickets

Story ART-8119
Title: Bosch Pentest - Agent's Folder and File Access

Rally ticket F137634: https://rally1.rallydev.com/#/466818326300d/portfolioitemstreegrid?detail=%2Fportfolioitem%2Ffeature%2F719487549631%2Fdetails