Vulnerability Detail

CA eTrust Admin GINA authentication bypass vulnerability

Date Discovered:
8 Mar 2007

Date Published:
9 Mar 2007

Last Updated:
3 Apr 2007

Threat Assessment

Overall Risk:  Medium
Popularity:  Medium
Impact:  Medium
Simplicity:  Medium

Characteristics

Vulnerability ID:  35145
Discovered By:  Anonymous

Exploitable Locally:  Yes
Exploitable Remotely:  No

Impact:  A local attacker can bypass authentication and gain privileged access.

Root Cause:  Software Vulnerability

 

Description

CA eTrust Admin contains a vulnerability that can allow a local attacker to bypass authentication and gain privileged access. The vulnerability is due to improper functioning of the eTrust Admin GINA password reset interface.

Recommendations



-------------------------------------------------------------------------------
For: CA eTrust Admin 8.1, CA eTrust Admin 8.1 SP1, CA eTrust Admin 8.1 SP2

CA has issued an update to correct this vulnerability. Two update options are available.

CA eTrust Admin 8.1 SP2 (8.1.2), 8.1 SP1 (8.1.1), 8.1 (8.1.0):

1. Uninstall GINA and install 8.1 SP2 CR6 or later from the link below:

http://supportconnectw.ca.com/public/etrust/etrustadmin-dmo/downloads/etrustadmin-updates.asp

or

2. Download the fixed cube.exe and replace the affected cube.exe with it. The fixed cube.exe can be downloaded from the link below:

ftp://ftp.ca.com/pub/etrust/etradm/ETRADM81SP2/CR_Manual_Updates-8.1sp2-CR6-070301.zip

-------------------------------------------------------------------------------
For: CA eTrust Admin 8.1, CA eTrust Admin 8.1 SP1, CA eTrust Admin 8.1 SP2

If applying the patch is not immediately feasible, ensure that Remote Desktop is disabled and physical host access is restricted to reduce exposure.

Affected Technologies

Computer Associates: CA eTrust Admin 8.1
Computer Associates: CA eTrust Admin 8.1 SP1
Computer Associates: CA eTrust Admin 8.1 SP2

CA Global Security Advisor
