{"vuid":"VU#720017","idnumber":"720017","name":"Entrust Authority Security Manager (EASM) does not enforce multiple authorization requirement for master user password change","keywords":["Entrust Authority Security Manager","EASM","multiple authorization","master user","gui","cli"],"overview":"Entrust Authority Security Manager contains a vulnerability that could allow a master user to change the password of another master user. A master user could exploit this vulnerability to perform operations that otherwise require authorization by multiple master users.","clean_desc":"Entrust Authority Security Manager (EASM) is a public-key infrastructure (PKI) that includes a certificate authority (CA). EASM defines several privileged master users that have the ability to perform sensitive master user functions on the CA. Sensitive master user functions can be configured to require multiple authorizations by master users. Changing the password of a master user is considered to be a sensitive operation that requires multiple authorizations. Under certain conditions, possibly involving the command line interface (CLI), the multiple authorization requirement is not enforced, allowing a single master user to change the password of another master user. The following text was provided by Keith Sollers of Ernst & Young: Entrust Authority Security Manager Multiple Authorization Vulnerability Ernst & Young announces the discovery of a vulnerability in Entrust\nAuthority Security Manager (EASM) for Solaris and Windows NT. The Common Vulnerabilities and Exposures (CVE) project has assigned\nthe name CAN-2002-0712 to this issue. This is a candidate for inclusion\nin the CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. Background: EASM functions as a certificate authority within a public-key\ninfrastructure (PKI). It issues certificates for entities and publishes\ncertificate status information to an associated repository. Special\nusers, called master users, are responsible for maintenance of critical\nprocesses that enable EASM to perform its core functions. By default,\nthree master user IDs are created upon installation of EASM, master1,\nmaster2, and master3. These user IDs cannot be changed. EASM can be configured to require multiple authorization for so-called\nsensitive master user functions. However, the master user function of\nchanging another master user's password is not a sensitive function. Therefore, any one master user can circumvent the multiple authorization\nrequirement for any sensitive function by first changing another master\nuser's password to a known password, and then impersonating that other\nmaster user during the multiple authorization process. Systems Affected: Solaris 7 and Windows NT 4.0 with EASM version 6.0 installed. EASM\nversion 6.0 on other platforms, and previous versions of EASM on all\nplatforms, may also be affected, but were not tested. Impact: For systems that utilize the EASM multiple authorization feature for\nmaster user sensitive functions, a single attacker would be successful\nin performing unauthorized functions on the EASM, such as stopping critical\nservices (denial of service). Recommendation: For systems where the multiple authorization of master user sensitive\nfunctions is desired, we recommend the introduction of mitigating logical\nand/or physical controls that assure multiple master users are involved\nduring the multiple authorization process. THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY ERNST & YOUNG LLP\n\"AS IS\", \"WHERE IS\", WITH NO WARRANTY OF ANY KIND, AND ERNST & YOUNG LLP HEREBY\nDISCLAIMS THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND\nFITNESS FOR A PARTICULAR PURPOSE. ERNST & YOUNG LLP SHALL HAVE NO LIABILITY\nFOR ANY DAMAGE, CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION\nCONTAINED IN THIS VULNERABILITY ALERT.","impact":"A single EASM master user could change the password of another master user, thereby gaining the ability perform sensitive operations that require multiple authorizations. This could allow a master user to stop EASM services, causing a denial of service.","resolution":"Upgrade or Patch\nThis issue is resolved with mandatory upgrade 6.0.1 released on July 2, 2002.","workarounds":"Provide Physical Access Controls Provide additional logical and/or physical access controls to enforce the multiple authorization requirement to change master users' passwords.","sysaffected":"","thanks":"This vulnerability was analyzed and reported by Keith Sollers of Ernst and Young.","author":"This document was written by Art Manion.","public":["http://www.entrust.com/authority/manager/datasheet.htm","http://www.entrust.com/authority/manager/faqs.htm","http://www.entrust.com/authority/manager/features.htm"],"cveids":["CVE-2002-0712"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-12-09T15:13:14Z","publicdate":"2003-04-04T00:00:00Z","datefirstpublished":"2003-04-04T17:45:01Z","dateupdated":"2003-06-27T15:39:18Z","revision":31,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"1","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"1","cam_scorecurrent":"0.15","cam_scorecurrentwidelyknown":"1.575","cam_scorecurrentwidelyknownexploited":"3.075","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.15,"vulnote":null}