Claroty Product Security Advisory: OIDC Configurations in Claroty Secure Access


October 8, 2025

CVE-2025-54603

CVSS v3: 9.5

Affected versions: Claroty Secure Access versions 3.3.0 through 4.0.2 with OIDC configured, either currently or previously.

This advisory provides important information regarding a security vulnerability affecting on-premise Claroty Secure Access (formerly known as Claroty Secure Remote Access or SRA) when configured with OpenID Connect (OIDC) authentication, either currently or previously. Fixes for affected products are available in the customer portal. There are no known public exploits or a public proof of concept (POC) of this vulnerability. 

The vulnerability could impact the integrity of user authentication within specific versions of on-premise Secure Access when OIDC is enabled. Under certain conditions it could be used for unauthorized user creation or for impersonation of existing OIDC users. In certain OIDC configurations, an unauthorized user could also add a user to the built-in ‘Administrators’ group and thereby gain admin-level privileges in the Secure Access application.

Remediation

  • Updates that address the vulnerability are available in Claroty’s customer portal for customers using on-premise Secure Access versions 3.7 and 4.0.2.

  • For customers using other versions, please open a support ticket. 

Acknowledgements 

Claroty would like to thank Limes Security GmbH for reporting the security vulnerability described herein, the related research effort, and the close collaboration with the Claroty team during the coordinated disclosure. 

Governing Terms

The information provided herein is subject to the provisions specified in Claroty’s license terms or any other applicable agreements or policies. To the extent applicable to the provided information, documentation or software made available in or through this document, the provisions of Claroty’s Global Website (https://claroty.com/terms-conditions) shall apply additionally. 
