Hole provides escalated privileges in CAs eTrust Admin
Software vendor CA has reported a vulnerability in eTrust Admin that allows users to escalate their privileges. The flaw is found in the product's GINA (Graphical Identification and Authentication) component, the log-in dialogue that users see on Windows, and its administration. According to the security report, users can apparently escalate their privileges via this interface where the password is reset. To do so, attackers do not necessarily even have to have direct access to a computer; access via remote desktop apparently also suffices. eTrust Admin 8.1 (8.1.0), SP2 (8.1.2) and SP1 (8.1.1) are affected. An update has been made available to remedy the problem.
- CA eTrust Admin Privilege Escalation Vulnerability, security advisory from CA
(ehe)