BMC Control-M/Agent default SSL/TLS configuration authenticated bypass
Description
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent.
The Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired.
In addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication.
Affected products
1- BMC/Control-M/Agentv5Range: 9.0.20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- bmcapps.my.site.com/casemgmt/sc_KnowledgeArticlemitrevendor-advisory
- bmcapps.my.site.com/casemgmt/sc_KnowledgeArticlemitremitigation
News mentions
0No linked articles in our index yet.