IBM Security Verify Access impacted by dozens of bugs

IT security researcher Pierre Barre discovered that IBM Security Verify Access, an authorization and network security policy management solution, is impacted by 32 security vulnerabilities, at least half of which could have been leveraged to facilitate total compromise of the authentication infrastructure, according to SecurityWeek.

Threat actors could add malicious multi-factor authenticators to ISVA by abusing the solution's authentication bypass issue and back-end access, which could then allow complete infrastructure takeovers, noted Barre. "Note that even with network restrictions, a low privileged user on a trusted machine can fully compromise the authentication solution, since the back-end used to manage the entire authentication infrastructure can be reached without authentication by sending a specific HTTP header," Barre said. With IBM refusing to address the flaws and passing the responsibility for communications filtering to its customers, Barre has urged organizations to mitigate the threat through network segmentation and the adoption of additional authentication measures.
