First published: Tue Dec 17 2024(Updated: )
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.
Credit: secure@symantec.com
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.