CA Single Sign-On Software Update: Stay Secure

One of our researchers—Mike Brooks, also known as rook—found two high-risk vulnerabilities in the CA Single Sign-On (formerly CA SiteMinder®) application, created by CA Technologies.

These vulnerabilities’ implications include the ability for an attacker to remotely cause a denial-of-service (DoS) attack as well as the ability for an attacker to access sensitive user information. No further details will be provided at this time.

Disclosure – the Responsible Way

We disclosed the vulnerabilities to CA Technologies, and they worked with us to remediate this issue. CA Technologies successfully developed a defense-in-depth patch that fully addressed the Single Sign-On bugs.

If your business uses CA Single Sign-On, you can find more information about that patch here.

We commend CA Technologies for springing to action on behalf of their clients and for being committed partners with us in the responsible disclosure process.

The Importance of Patches

Regular patching and updating are necessities in today’s vulnerable world. New bugs are discovered daily, and yesterday’s security can easily fade into tomorrow’s uncertainty. This situation serves as a much-needed reminder of the importance of timely patching.

Check for software updates often and install them as soon as possible. Even though they may come across as inconvenient or appear redundant, patches and updates are essential for maintaining a strong security posture and, by association, peace of mind.

Special thanks to CA Technologies for working together with us.