Latest OpenView flaw part of widespread security bypass trend

Edmund X. DeJesus, Contributor

A vulnerability in Hewlett-Packard's OpenView Select Access threatens to allow remote attackers to bypass restrictions and access enterprise resources. Administrators need to apply patches to fix the problem, which is only the latest of a number of recent HP OpenView vulnerabilities.

HP's OpenView Select Access is designed to manage user identities and provide secure Web-based access to network and enterprise resources. Select Access has a

    Requires Free Membership to View

problem decoding URL inputs that contain Unicode characters encoded with UTF-8.This can allow remote attackers to use URLs containing special characters to bypass some access restrictions to resources. The problem is known to affect HP OpenView Select Access versions 5.x and 6.x. HP has released patches.

This is only the latest vulnerability to affect OpenView. Other previously-reported problems in the past six months have included at least two more security bypass issues, as well as denial of service difficulties.

However, security bypass is emerging as a widespread problem in many applications besides Select Access. Since the beginning of 2004, there have been at least a dozen significant examples. Affected applications have included Apache, BEA WebLogic, eTrust Antivirus, F-Secure Anti-Virus, Microsoft Internet Explorer and Microsoft Outlook. When exploited remotely, security bypass can be a stepping stone for attackers to do more serious damage to systems.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: