PT-2017-18312 · Ca · Ca Client Automation

Published 2017-05-06 · Updated 2019-10-03 · CVE-2017-8391

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CA Client Automation versions r12.9 through r14.0 SP1

Description

The issue allows local users to obtain sensitive information by reading a local file that contains an encrypted password after operating system installation. This occurs because the OS Installation Management component places the encrypted password into a readable local file during the installation process.

Recommendations

For CA Client Automation versions r12.9 through r14.0 SP1, consider restricting access to the local file that contains the encrypted password to minimize the risk of exploitation. As a temporary workaround, limit local user privileges to prevent them from reading the sensitive file until a fix is available.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2017-8391

Affected Products

Ca Client Automation