Symantec Privileged Access Management

  • 1.  CA PAM client logon vulnerability?

    Posted 10-20-2017 04:30 PM

    If I open multiple client windows on my laptop and log in as two different accounts ( super, and a domain user) I do not see anything in the Session Log for the second login. Am I missing something or is this a bug? I am currently working with a POC of CA PAM 2.8.2. As an administrator, I am working on setting up policies and testing user access, so I often have to log in as different accounts. I noticed that the client will allow me to open another instance of the client and log in as a different user, and maintain two completely different sessions from my workstation. That way I don't have to keep logging out and in again. But when I have two client sessions open, the second session does not not show up under Sessions > Logs. It also doesn't show up under Sessions > Manage Sessions. 


    This seems like a huge vulnerability and I don't know how I can trust that the system is accurately capturing login data for auditing purposes.

    Please correct me if this is incorrectly configured or let me know if you'd like screenshots..

  • 2.  Re: CA PAM client logon vulnerability?
    Best Answer

    Posted 10-24-2017 10:49 AM


    i have testing on my lab appliance (it is ver 3.0.1 ) , all sessions are appearing on the Manage session as you can see

    i didn't try it on ver 2.8.x , anyway i advice you to go upgrade and test the new version (3.0.1) , many new features including new and easier graphics and also encrypting stored recording sessions.


    Best regards