Latest OpenView flaw part of widespread security bypass trend

Article

Latest OpenView flaw part of widespread security bypass trend

Edmund X. DeJesus, Contributor

A vulnerability in Hewlett-Packard's OpenView Select Access threatens to allow remote attackers to bypass restrictions and access enterprise resources. Administrators need to apply patches to fix the problem, which is only the latest of a number of recent HP OpenView vulnerabilities.

HP's OpenView Select Access is designed to manage user identities and provide secure Web-based access to network and enterprise resources. Select Access has a

    Requires Free Membership to View

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

problem decoding URL inputs that contain Unicode characters encoded with UTF-8.This can allow remote attackers to use URLs containing special characters to bypass some access restrictions to resources. The problem is known to affect HP OpenView Select Access versions 5.x and 6.x. HP has released patches.

This is only the latest vulnerability to affect OpenView. Other previously-reported problems in the past six months have included at least two more security bypass issues, as well as denial of service difficulties.

However, security bypass is emerging as a widespread problem in many applications besides Select Access. Since the beginning of 2004, there have been at least a dozen significant examples. Affected applications have included Apache, BEA WebLogic, eTrust Antivirus, F-Secure Anti-Virus, Microsoft Internet Explorer and Microsoft Outlook. When exploited remotely, security bypass can be a stepping stone for attackers to do more serious damage to systems.