CVE-2017-9393
📋 TL;DR
This vulnerability in CA Identity Manager allows remote attackers to identify the passwords of locked accounts through brute-force or exhaustive search attacks. In other words, locking an account does not stop the product from revealing whether a guessed password is correct, so the lockout control itself is not a defence here. It affects CA Identity Manager r12.6 through r12.6 SP8, 14.0, and 14.1, exposing organizations running these versions to credential compromise.
💻 Affected Systems
- CA Identity Manager
📦 What is this software?
CA Identity Manager (from CA Technologies, later sold as Symantec Identity Manager under Broadcom) is an enterprise identity administration and provisioning product: it creates and manages user accounts and passwords across connected systems, which is why a password-guessing weakness in it has reach well beyond the product itself.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could brute-force passwords for locked accounts, gain unauthorized access to sensitive systems, and potentially escalate privileges within the identity management infrastructure.
Likely Case
Attackers could identify passwords for some locked accounts, leading to unauthorized access to systems managed by CA Identity Manager.
If Mitigated
With the authentication interface reachable only from trusted networks, request throttling in front of it, and monitoring for repeated failures against locked accounts, an attacker is limited to a small number of guesses that generate alerts before being cut off.
🎯 Exploit Status
No public exploit code is cited on this page. None is really needed: the attack requires only network reach to the authentication interface, a target username and a candidate password list, which makes it a straightforward attack vector.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply patches from CA Security Notice CA20170921-01
Vendor Advisory: https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html
Restart Required: Yes
Instructions:
1. Download the appropriate patch from CA Support.
2. Apply the patch according to CA documentation.
3. Restart CA Identity Manager services.
4. Verify the patch is applied successfully.
🔧 Temporary Workarounds
Throttle Authentication Attempts
Because this flaw affects accounts that are already locked, tightening the account lockout policy alone does not close it. Rate-limit authentication requests per source address at the load balancer, reverse proxy or WAF in front of the product so that an exhaustive search becomes impractical, and keep lockout policies in place for the accounts that are not yet locked.
Network Segmentation
Restrict access to CA Identity Manager interfaces to trusted networks only.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the CA Identity Manager interface
- Enable comprehensive logging and monitoring for failed authentication attempts, especially repeated failures against accounts that are already in the locked state, since those are the signature of this attack
🔍 How to Verify
Check if Vulnerable:
Check CA Identity Manager version against affected versions: r12.6 through r12.6 SP8, 14.0, and 14.1
Check Version:
Check CA Identity Manager administration console or installation logs for version information
Verify Fix Applied:
Confirm from the patch record that the fix from CA20170921-01 is installed and, where the patch changes the reported version, that the version is no longer in the affected range
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts for locked accounts
- Unusual authentication patterns
Network Indicators:
- High volume of authentication requests to CA Identity Manager endpoints
SIEM Query:
source="ca_identity_manager" AND (event_type="authentication_failure" AND account_status="locked") | stats count by src_ip, user | where count > 5
(Field names are illustrative; map them to the schema of your log source. A legitimate user who has been locked out usually stops after one or two attempts, so even a low threshold is meaningful.)
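As an added example that is not part of the original advisory and not CA's own tooling, the following Python script implements the detection logic above offline: it parses constructed sample log lines, keeps only authentication failures against accounts in the locked state, and flags any (source IP, user) pair that reaches a threshold of attempts inside a sliding time window. The field layout (src_ip=, user=, event=, account_status=) and the sample lines are assumptions made for this illustration; real CA Identity Manager logs will need their own parser.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines (not real CA Identity Manager output).
# 203.0.113.5 hammers the locked account jdoe six times in ten seconds;
# 198.51.100.7 makes two attempts against locked account asmith fourteen
# minutes apart; bking is an active account and should be ignored here.
SAMPLE_LOGS = """\
2017-09-22T10:00:01Z src_ip=203.0.113.5 user=jdoe event=authentication_failure account_status=locked
2017-09-22T10:00:03Z src_ip=203.0.113.5 user=jdoe event=authentication_failure account_status=locked
2017-09-22T10:00:05Z src_ip=203.0.113.5 user=jdoe event=authentication_failure account_status=locked
2017-09-22T10:00:07Z src_ip=203.0.113.5 user=jdoe event=authentication_failure account_status=locked
2017-09-22T10:00:09Z src_ip=203.0.113.5 user=jdoe event=authentication_failure account_status=locked
2017-09-22T10:00:11Z src_ip=203.0.113.5 user=jdoe event=authentication_failure account_status=locked
2017-09-22T10:01:00Z src_ip=198.51.100.7 user=asmith event=authentication_failure account_status=locked
2017-09-22T10:15:00Z src_ip=198.51.100.7 user=asmith event=authentication_failure account_status=locked
2017-09-22T10:02:00Z src_ip=192.0.2.9 user=bking event=authentication_success account_status=active
2017-09-22T10:02:30Z src_ip=192.0.2.9 user=bking event=authentication_failure account_status=active
this line is malformed on purpose and must be skipped
"""

# Assumed key=value layout; adjust the pattern to the real log schema.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+"
    r"src_ip=(?P<src_ip>\S+)\s+user=(?P<user>\S+)\s+"
    r"event=(?P<event>\S+)\s+account_status=(?P<status>\S+)\s*$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return rec


def locked_account_failures(lines):
    """Group timestamps of failed logins against locked accounts by (src_ip, user)."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed input rather than crashing the detector
        if rec["event"] == "authentication_failure" and rec["status"] == "locked":
            events[(rec["src_ip"], rec["user"])].append(rec["ts"])
    return events


def detect_bruteforce(lines, threshold=5, window_seconds=300):
    """Return {(src_ip, user): attempts} for pairs whose failed logins against a
    locked account reach `threshold` within any `window_seconds` window.

    The sliding window matters: two failures a quarter of an hour apart look
    like a confused user, six failures in ten seconds look like a wordlist."""
    hits = {}
    for key, stamps in locked_account_failures(lines).items():
        stamps.sort()
        best, left = 0, 0
        for right in range(len(stamps)):
            # shrink the window from the left until it spans <= window_seconds
            while (stamps[right] - stamps[left]).total_seconds() > window_seconds:
                left += 1
            best = max(best, right - left + 1)
        if best >= threshold:
            hits[key] = best
    return hits


if __name__ == "__main__":
    for (src_ip, user), count in detect_bruteforce(SAMPLE_LOGS.splitlines()).items():
        print(f"ALERT {src_ip} -> locked account {user}: {count} failures in window")
```

Run against the sample data with the defaults, only the 203.0.113.5 / jdoe pair is reported; widening the window to an hour and lowering the threshold to two also surfaces the slower asmith attempts, which is the trade-off between noise and sensitivity that the SIEM threshold above is tuning.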
🔗 References
- http://www.securityfocus.com/bid/100956
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html