
Latest OpenView flaw part of widespread security bypass trend

A vulnerability in Hewlett-Packard's OpenView Select Access is only the latest in what's becoming a disturbing trend within application security.

A vulnerability in Hewlett-Packard's OpenView Select Access threatens to allow remote attackers to bypass restrictions and access enterprise resources. Administrators need to apply patches to fix the problem, which is only the latest of a number of recent HP OpenView vulnerabilities.

HP's OpenView Select Access is designed to manage user identities and provide secure Web-based access to network and enterprise resources. Select Access has a problem decoding URL inputs that contain Unicode characters encoded with UTF-8. This can allow remote attackers to use URLs containing special characters to bypass some access restrictions to resources. The problem is known to affect HP OpenView Select Access versions 5.x and 6.x. HP has released patches.
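The article does not describe the exact decoding defect, so the following is an added example of the general defence against this class of bug, not HP's code or patch: decode the URL once, strictly, and run the access check only on the canonical result. The policy roots, function names and sample paths are assumptions constructed for illustration.

```python
import posixpath
import unicodedata
from urllib.parse import unquote_to_bytes

# Hypothetical policy table: path roots that require an authenticated session.
PROTECTED_ROOTS = ("/admin", "/hr")


class RejectedURL(ValueError):
    """Raised when a request path cannot be canonicalised unambiguously."""


def canonical_path(raw_path: str) -> str:
    """Percent-decode exactly once, decode UTF-8 strictly, then normalise."""
    data = unquote_to_bytes(raw_path)
    try:
        # Strict decoding refuses overlong and truncated sequences instead of
        # silently mapping them to ASCII characters such as "/" or ".".
        text = data.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise RejectedURL(f"invalid UTF-8 in path: {exc.reason}") from None
    if not text.startswith("/"):
        raise RejectedURL("path must be absolute")
    if "%" in text or "\\" in text or "\x00" in text:
        raise RejectedURL("residual escape, backslash or NUL after decoding")
    # Policy choice: refuse look-alike characters (e.g. fullwidth "/") that a
    # back-end might fold to ASCII after the access check has already run.
    if unicodedata.normalize("NFKC", text) != text:
        raise RejectedURL("path changes under Unicode normalisation")
    # Resolve "." and ".." and collapse repeated slashes.
    return "/" + posixpath.normpath(text).lstrip("/")


def decide(raw_path: str) -> str:
    """Return 'reject', 'protected' or 'public' for a raw request path."""
    try:
        path = canonical_path(raw_path)
    except RejectedURL:
        return "reject"  # fail closed: never guess at an ambiguous path
    for root in PROTECTED_ROOTS:
        if path == root or path.startswith(root + "/"):
            return "protected"
    return "public"
```

The check only holds if the resource handler is given the canonical path from `canonical_path`, not the raw URL, so that the policy layer and the back end never decode the same request differently.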

This is only the latest vulnerability to affect OpenView. Other problems reported in the past six months have included at least two more security bypass issues, as well as denial-of-service difficulties.

However, security bypass is emerging as a widespread problem in many applications besides Select Access. Since the beginning of 2004, there have been at least a dozen significant examples. Affected applications have included Apache, BEA WebLogic, eTrust Antivirus, F-Secure Anti-Virus, Microsoft Internet Explorer and Microsoft Outlook. When exploited remotely, security bypass can be a stepping stone for attackers to do more serious damage to systems.
