An authentication bypass vulnerability in the RDP component of One Identity Safeguard for Privileged Sessions allows man-in-the-middle attackers to obtain unencrypted information to access privileged sessions on target resources.
This vulnerability is identified by CVE-2024-40595.
Cause
Connection setup for the RDP protocol includes several message exchanges between the client computer and the SPS appliance. It was discovered during an internal audit that under certain configurations, a sensitive piece of information was transferred from the client to SPS in plain text. A man-in-the-middle attacker can intercept this message and use the information to bypass authentication and get access to the victim’s target resource via a monitored session in SPS.
Resolution
Upgrade to a patched version now available for download:
Authentication bypass is only practical when a credential store (e.g. Safeguard for Privileged Passwords) is configured in the connection policy. Otherwise, the attacker must perform a second authentication step at the target resource.
It is not possible to perform the attack invisibly, because the exposed sensitive information can only be used once, and only within a fixed time window. The attacker cannot mount an attack without a victim performing the gateway authentication first.
The attacker might get access to a single session, which is recorded and monitored by SPS.
The attacker cannot choose the details of the obtained session. The target server and the account are determined only by the victim's connection and the SPS configuration.
The integrity of the SPS appliance is not affected by this vulnerability.
Supported protocols other than RDP are not affected by this vulnerability.
Created on: 8/1/2024 Last updated on: 10/24/2024