Sensitive Information Exposure in CA Client Automation OS Installation Management Component

Sensitive Information Exposure in CA Client Automation OS Installation Management Component

CVE-2017-8391 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.

Learn more about our User Device Pen Test.