ENTM timeout redirects you to logout page

Article ID: 38146

Products

CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)

Issue/Introduction

Issue/Problem/Symptoms: 

On PIM 12.8 CF1: once the session timeout is reached and you click any link, you are asked to enter your credentials again. After the credentials are validated you are redirected to the page you originally wanted.

On PIM 12.8 CF3: once the session timeout is reached and you click any link, you are asked to enter your credentials again. After the credentials are validated you are redirected to the Logout page instead. The user then has to change the browser URL to the PIM login page, enter the credentials once more, and only then click the link they wanted.

Environment:  

PIM 12.8 CF1 / PIM 12.8 CF3

Cause: 

This behavior is a side effect of the fix for a cross-site request forgery (CSRF) vulnerability that exists in pre-CF3 builds and can be exploited there: in CF1, ENTM did not validate CSRF tokens at all. From CF3 onward, every request submitted to the server carries a unique CSRF token that is validated per request, and when the token is missing or invalid the server logs the user out. After a session timeout the token belonging to the expired session is no longer valid, so the request that follows re-authentication fails the check and the user is sent to the Logout page.

Resolution:

To summarize: this is expected behavior on PIM 12.8 CF3. Once the user is logged out, the CSRF token bound to that session becomes invalid, and you cannot log in again with the same token after the session timeout. Close the browser and open the PIM URL again to start a new session with a fresh token.
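The following is an added example, not CA PIM/ENTM code, that models the mechanism described under Cause and the workaround given under Resolution: a session-bound synchronizer CSRF token that is checked on every request, a session idle timeout, and a request replayed after re-authentication with the token of the expired session. The session store, token scheme, the 15-minute timeout, the credential table and the page names ("login", "logout") are all assumptions chosen to reproduce the reported behavior; `validate_csrf=False` stands for the CF1 behavior and `validate_csrf=True` for CF3.

```python
"""Model of per-request CSRF token validation with a session timeout.

Illustrative example only, not CA PIM/ENTM code: the session store, token
scheme, timeout and page names are assumptions made to reproduce the behavior
described in the article.
"""
import hmac
import secrets
from dataclasses import dataclass

SESSION_TIMEOUT = 15 * 60  # seconds; assumed idle timeout, not the PIM default


class Clock:
    """Manually advanced clock so the timeout can be simulated offline."""

    def __init__(self) -> None:
        self.now = 0.0

    def advance(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class Session:
    user: str
    csrf_token: str   # synchronizer token bound to this session only
    last_seen: float


# Constructed credential store for the example only.
USERS = {"admin": "correct-horse-battery-staple"}


class Entm:
    """Tiny stand-in for a web front end with session-bound CSRF tokens."""

    def __init__(self, clock: Clock, validate_csrf: bool) -> None:
        self.clock = clock
        self.validate_csrf = validate_csrf   # False ~ CF1 behavior, True ~ CF3
        self.sessions: dict[str, Session] = {}

    def login(self, user: str, password: str) -> tuple[str, str]:
        """Authenticate and issue a fresh (session id, CSRF token) pair."""
        if not hmac.compare_digest(USERS.get(user, ""), password):
            raise PermissionError("bad credentials")
        sid, token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.sessions[sid] = Session(user, token, self.clock.now)
        return sid, token

    def _reap_expired(self) -> None:
        for sid, s in list(self.sessions.items()):
            if self.clock.now - s.last_seen > SESSION_TIMEOUT:
                del self.sessions[sid]

    def request(self, sid: str, token: str, path: str) -> str:
        """Handle one request and return the page the browser ends up on."""
        self._reap_expired()
        session = self.sessions.get(sid)
        if session is None:
            return "login"                      # no live session: ask for credentials
        if self.validate_csrf and not hmac.compare_digest(session.csrf_token, token):
            del self.sessions[sid]              # missing or stale token: server logs the user out
            return "logout"
        session.last_seen = self.clock.now
        return path


def replay_after_timeout(validate_csrf: bool) -> str:
    """The article's scenario: click a link after the idle timeout, re-authenticate,
    and let the original request (still carrying its old token) be replayed."""
    clock = Clock()
    app = Entm(clock, validate_csrf)
    sid, token = app.login("admin", USERS["admin"])
    clock.advance(SESSION_TIMEOUT + 1)
    assert app.request(sid, token, "/users") == "login"     # session has expired
    new_sid, _new_token = app.login("admin", USERS["admin"])
    # The pending request runs under the new session but presents the token
    # that belonged to the expired one.
    return app.request(new_sid, token, "/users")


def fresh_page_after_relogin() -> str:
    """The workaround from Resolution: start over so the token matches the new session."""
    clock = Clock()
    app = Entm(clock, validate_csrf=True)
    sid, token = app.login("admin", USERS["admin"])
    clock.advance(SESSION_TIMEOUT + 1)
    app.request(sid, token, "/users")
    new_sid, new_token = app.login("admin", USERS["admin"])
    return app.request(new_sid, new_token, "/users")


if __name__ == "__main__":
    print("CF1-like (no CSRF check):", replay_after_timeout(validate_csrf=False))  # /users
    print("CF3-like (CSRF check):   ", replay_after_timeout(validate_csrf=True))   # logout
    print("fresh login, new token:  ", fresh_page_after_relogin())                # /users
```

Without the check, the replayed request is served; with the check, the stale token cannot match the token issued to the new session, so the server treats it as an invalid request and logs the user out, which is exactly the redirect to the Logout page seen on CF3. Starting from a fresh login and loading the page with the newly issued token is what makes the request succeed.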

Environment

Release: ACP1M005900-12.8-Privileged Identity Manager