
CA PAM client logon vulnerability?

Question asked by dguirl on Oct 20, 2017
Latest reply on Oct 24, 2017 by Wael AbdelWahab

If I open multiple client windows on my laptop and log in as two different accounts (super, and a domain user), I do not see anything in the Session Log for the second login. Am I missing something or is this a bug? I am currently working with a POC of CA PAM 2.8.2. As an administrator, I am working on setting up policies and testing user access, so I often have to log in as different accounts. I noticed that the client will allow me to open another instance of the client and log in as a different user, and maintain two completely different sessions from my workstation. That way I don't have to keep logging out and in again. But when I have two client sessions open, the second session does not show up under Sessions > Logs. It also doesn't show up under Sessions > Manage Sessions.

 

This seems like a huge vulnerability and I don't know how I can trust that the system is accurately capturing login data for auditing purposes.

Please correct me if this is incorrectly configured or let me know if you'd like screenshots.
