eTrust Access Control Allows Spoofed Administrator Access

 

Reported August 11, 2000 by Sanjay Venkateswarulu

VERSIONS AFFECTED

eTrust Access Control 4.1, including SP1 DESCRIPTION

Computer Associate's eTrust Access Control is vulnerable to administrative masquerade attack, which allows an intruder to gain administrative access to the product, and thus a significant portion of the network protected by the product.

If the default encryption key is used during installation then the key can be replicated on another system in an effort to compromise security. To compromise a remote system an attacker would install the product on a system using the default encyption key and the same administrator account name as the remote system to be attacked. since the account name and encryption matches on both systems, an intruder could then connect to the a remote system masquerading as a legitimte administrator.

VENDOR RESPONSE

Computer Associates has released a patch which corrects this vulnerability.

In addition, Computer Associates sent us the following information to help clarify this matter with eTrust users:

"In order to administer a host that has eTrust Access Control installed, configured and running, one needs to fulfill three conditions:

a) You must be defined as an eTrust Access Control Administrator in the eTrust Access Control database on the host into which you are trying to break in. Please bear in mind that eTrust Access Control Administrator does not have to be the same user as the NT Administrator.

b) The accessing host (from which you are trying to break in) must be defined in the eTrust Access Control Database on the host into which you are trying to break in and the eTrust Access Control Administrator should have the appropriate access authorization defined for this host in the database.

c) You must have knowledge of the system encryption key. Communication between different parts of eTrust Access Control is authenticated and encrypted and we therefore strongly recommend that you replace the default encryption key by a key of your choice. This is highlighted at install time. The sechkey utility supplied with the product enables you to do this at any time subsequently.

So, without fulfilling these three conditions of being a registered administer, working from an authorized workstation, and knowing the system key, you will not be able to administer a host which runs eTrust Access Control.

If a system is set up so that (a), (b), and (c) are true, then the issue described in this bulletin applies. This would need a conscious decision by the administrator. The fix is simply to correct the system so that mis-configuration no longer applies. The above statements are applicable to both eTrust Access Control for Unix and eTrust Access Control for Windows NT."

CREDIT
Discovered by Sanjay Venkateswarulu