BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

sudo authentication bypass when clock is reset

Posted March 7, 2013    Rod Simmons

A recent discovery by a German researcher, Marco Schoepl, found that it is possible for a user to bypass sudo authentication by resetting the clock. To read more about this vulnerability see the articles on seclist.org and threatpost.com. What we have found is that many highly secure customers have already adopted the timestamp_timeout=0 setting which will bypass the default 5 minute password reentry interval and requires authentication for each command.

clock-resetYou could consider this vulnerability a configuration issue but it does highlight a general need to use a solution that provides an option for IO logging. Our PowerBroker Unix & Linux solution is a Command Control solution that also provides a method to perform IO Logging so you can replay a user’s entire session, after all, once they have elevated permissions it becomes vital to securely log the actions of that user.

It is always possible to have a configuration issue in any security system due to flexibility and general complexity of building a secure system. The key principle is to only delegate the rights needed and perform IO logging along with multi-factor authentication as an additional safety measure.

If you require a Sudo replacement, or want to implement greater controls where compliance requires it, PowerBroker Servers can help. Learn more about PowerBroker Servers now!

Tags:
, , , ,

Leave a Reply

Additional articles

webinar 2

On Demand Webinar: Because Auditing Stinks Sometimes

Posted July 2, 2015    Lindsay Marsh

Auditing stinks. Well, mostly stinks. In this on demand webinar, lead by Group Policy MVP Jeremy Moskowitz, you’ll learn the three key tenets to real Group Policy auditing. Tenet 1: Why do you care about Group Policy auditing? Tenet 2: How does Eventing help you know “Who did what?” Tenet 3: How does Reporting tell…

Tags:
, , , ,
skeletonkey3_713678_713680

Stopping the Skeleton Key Trojan

Posted June 29, 2015    Robert Auch

Earlier this year Dell’s SecureWorks published an analysis of a malware they named “Skeleton Key”. This malware bypasses authentication for Active Directory users who have single-factor (password only) authentication. The “Skeleton Key” attack as documented by the SecureWorks CTU relies on several critical parts.

Tags:
, , , , ,
webinar 2

On Demand Webinar: 10 Steps to Building an Effective Vulnerability Management Program

Posted June 26, 2015    BeyondTrust Software

In this on demand webinar, Cybersecurity Expert, Derek A.Smith will take you through his 10 steps for a successful vulnerability management program and how to get started now.

Tags:
, ,