CVE-2019-18573 in RSA Identity Governance

Summary

by MITRE

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim's session and perform arbitrary actions with privileges of the user within the compromised session.


Analysis

by VulDB Data Team • 03/15/2024

RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance releases prior to 7.1.1 P03 contain a session fixation vulnerability (CVE-2019-18573) in the web interface of the identity management platform. Because the product governs who holds which entitlements in downstream systems, a hijacked session is a concern for the whole enterprise identity estate rather than for one application alone. The flaw stems from improper session management: the session token is carried in the URL instead of in a cookie dedicated to session handling.

Technically, the session identifier appears as part of the URL of authenticated requests. Anything that records or forwards URLs then records the token as well: browser history and bookmarks, the Referer header sent to other sites, proxy and web server access logs, and any link the user pastes into a chat or an e-mail. This violates established session management practice, which keeps the identifier in a cookie that the browser neither displays nor forwards in these ways. Session fixation builds on that exposure: an attacker obtains or mints a session identifier, embeds it in a link, and lures the victim into opening it. If the application accepts the identifier from the URL and keeps it unchanged when the victim authenticates, the attacker's copy of the identifier now names an authenticated session, and the attacker can act within it for as long as it stays valid.
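The fixation sequence described above, played through a toy session store, as an added example that is not code from the RSA product or from the VulDB entry. The parameter name sid, the host igl.example, the user and password, and the in-memory store are assumptions; the real product's parameter names are not given on this page. The vulnerable class adopts whatever identifier the URL carries and keeps it across login; the hardened class ignores the URL and rotates the identifier at authentication, which is the property a fix for CWE-384 has to provide.

```python
"""Session fixation through a URL-borne session id, as a vulnerable session store
next to a hardened one. This is an added illustration, not code from RSA
Identity Governance and Lifecycle; the parameter name 'sid', the host, the user
name, the password and the in-memory store are assumptions made for the example."""
import secrets
from urllib.parse import parse_qs, urlparse

DEMO_PASSWORD = "correct-horse"  # stand-in for real authentication


class VulnerableApp:
    """Adopts a session id from the URL and keeps it across login (CWE-384)."""

    def __init__(self):
        self.sessions = {}  # session id -> authenticated user, None = anonymous

    def visit(self, url):
        """Every request may carry ?sid=...; an id the server never issued is
        silently adopted, which is the fixation half of the flaw."""
        sid = parse_qs(urlparse(url).query).get("sid", [None])[0]
        if sid is None:
            sid = secrets.token_hex(16)
        self.sessions.setdefault(sid, None)
        return sid

    def login(self, sid, user, password):
        if password != DEMO_PASSWORD:
            return None
        self.sessions[sid] = user  # same id before and after authentication
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


class HardenedApp(VulnerableApp):
    """Never takes the id from the URL and rotates it when the user authenticates."""

    def visit(self, url):
        sid = secrets.token_hex(16)  # whatever the URL says is ignored
        self.sessions[sid] = None
        return sid

    def login(self, sid, user, password):
        if password != DEMO_PASSWORD:
            return None
        # Retire the pre-authentication id and issue a fresh one that only the
        # authenticating client receives (in a real deployment via a Set-Cookie
        # header carrying the Secure and HttpOnly attributes).
        self.sessions.pop(sid, None)
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = user
        return new_sid


def run_fixation_attack(app_cls):
    """Plays the attack against one app class and returns the user the attacker's
    session id resolves to afterwards: 'alice' means the hijack worked."""
    app = app_cls()
    # 1. Attacker obtains a session id and embeds it in a link.
    attacker_sid = app.visit("https://igl.example/app/")
    lured_url = f"https://igl.example/app/?sid={attacker_sid}"
    # 2. Victim follows the link and logs in.
    victim_sid = app.visit(lured_url)
    app.login(victim_sid, "alice", DEMO_PASSWORD)
    # 3. Attacker reuses the id they planted.
    return app.whoami(attacker_sid)


if __name__ == "__main__":
    print("vulnerable:", run_fixation_attack(VulnerableApp))  # alice
    print("hardened:  ", run_fixation_attack(HardenedApp))    # None
```

Running the module plays the attack twice: against VulnerableApp the planted identifier resolves to alice, against HardenedApp it resolves to nothing, because the victim's login retired the planted identifier and moved the authenticated state to one the attacker never saw.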

The operational impact goes beyond reading data: the attacker performs arbitrary actions with the privileges of the compromised user. If the victim holds an administrative or approver role, that covers the sensitive identity management functions the platform exists to protect, such as granting or revoking entitlements that other systems trust, so a hijacked session of a privileged user is in effect a privilege escalation for the attacker. Exploitation is remote, since the attacker only needs the victim to open a crafted link and needs no physical access to the target system. Together these properties give an attacker persistent access to identity governance functions and can compromise the integrity of the entire identity management infrastructure.

Organizations should upgrade to version 7.1.1 P03 or later, which addresses the session token exposure through proper session management. Until then, network segmentation limits who can reach the web interface, and monitoring of URL parameters containing session identifiers (in proxy and access logs, including Referer fields) helps detect exploitation attempts. The vulnerability aligns with CWE-384, Session Fixation. VulDB maps it to ATT&CK technique T1563.002, which is Remote Service Session Hijacking: RDP Hijacking; for a web session the closer match is T1539, Steal Web Session Cookie, under Credential Access. Further protective measures are to disable URL-based session handling, rotate the session identifier at login, issue the session cookie with the Secure and HttpOnly attributes, and alert when one session identifier is used from several client addresses. Remediation should end with security testing that confirms the identifier is never accepted from the URL and changes on every authentication, so that no other session management flaws remain in the platform.
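One way to do the URL-parameter monitoring suggested above, as an added example rather than anything from VulDB or the vendor: a pass over access log lines that extracts session tokens from request paths and Referer fields and flags a token replayed from a second client address. The combined log format, the parameter names it checks (sid, sessionid, jsessionid), the paths and the sample lines are constructed assumptions for the example; the product's real parameter names are not stated on this page.

```python
"""Detection pass over web server access logs: finds session tokens carried in
request URLs or Referer headers and flags a token used from more than one client
address. Added example, not part of the VulDB entry or the vendor's product; the
combined log format, the parameter names checked (sid, sessionid, jsessionid),
the paths and the sample lines are all constructed assumptions."""
import re
from collections import defaultdict

# Combined log format: client, identd, user, timestamp, request, status, size, referer, agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# A session id passed as a query parameter (?sid=...) or a path parameter (;jsessionid=...).
TOKEN_RE = re.compile(r"[?&;](?:sid|sessionid|jsessionid)=([A-Za-z0-9._-]+)", re.I)

# Constructed sample: one token first used from 10.1.1.5 (and leaked again through the
# Referer of the login POST), then replayed from 203.0.113.9 with a different user agent.
SAMPLE_LOG = """\
10.1.1.5 - - [10/Jan/2020:09:00:01 +0000] "GET /app/main?sid=7f3a9c11 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.1.1.5 - - [10/Jan/2020:09:00:09 +0000] "POST /app/login HTTP/1.1" 302 0 "https://igl.example/app/main?sid=7f3a9c11" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2020:09:03:40 +0000] "GET /app/main;jsessionid=7f3a9c11 HTTP/1.1" 200 2048 "-" "curl/7.64.1"
10.1.1.7 - - [10/Jan/2020:09:05:00 +0000] "GET /app/main HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def extract_tokens(line):
    """Parse one log line; return (client ip, tokens found in path and Referer),
    or None for a line that is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    tokens = TOKEN_RE.findall(m["path"]) + TOKEN_RE.findall(m["referer"])
    return m["ip"], tokens


def analyze(log_text):
    """Count URL-borne token exposures and list tokens seen from several clients."""
    seen_from = defaultdict(set)
    exposures = 0
    for line in log_text.splitlines():
        parsed = extract_tokens(line)
        if parsed is None:
            continue
        ip, tokens = parsed
        exposures += len(tokens)
        for tok in tokens:
            seen_from[tok].add(ip)
    shared = {tok: sorted(ips) for tok, ips in seen_from.items() if len(ips) > 1}
    return {"url_token_exposures": exposures, "shared_tokens": shared}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the sample the pass reports three exposures (the original request, the Referer of the login POST, and the replay) and one token shared between 10.1.1.5 and 203.0.113.9. The Referer hit is the point worth noticing: even a user who never shares a link leaks a URL-borne token to every site the application links to, which is why the fix has to move the token out of the URL rather than only shorten its lifetime.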

Responsible

Dell

Reservation

10/29/2019

Moderation

accepted

CPE

ready

EPSS

0.00986

KEV

no

Activities

very low
