Synopsis:
Publisher Matching Criteria Bypass in Privilege Management for Windows (PMfW)
Impacted Product:
Privilege Management for Windows (PMfW)
Summary:
A vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) that could bypass Publisher application matching. Privilege Management for Windows has various matching criteria for targeting applications on the endpoint. PMfW can use a signed application certificate to determine the Publisher of the application. By default, this was matching against the user’s certificate store. This check could be bypassed by importing a self-signed certificate into the user’s certificate store.
Mitigation:
Privilege Management for Windows default behavior has been changed to check against the machine certificate store by default. This change was implemented in PMfW version 5.7 SR1. BeyondTrust recommends customers update to the latest version of PMfW as soon as possible.
Product | Version |
---|---|
Privilege Management for Windows (PMfW) | Prior to 5.7 SR1 |
Product | Version |
---|---|
Privilege Management for Windows (PMfW) | 5.7 SR1 and above |
BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.