Imprivata Enterprise Access Management Login Bypass Vulnerability on Shared Kiosk Workstations
Vulnerability
A vulnerability in Imprivata Enterprise Access Management (EAM) allows users to bypass the login screen on shared kiosk workstations, gaining unauthorized access to the underlying Windows system through the already logged-in autologon account. This issue arises from inadequate handling of keyboard shortcuts and affects Imprivata EAM versions 5.3 through 24.2.
Impact
Exploitation of this vulnerability allows for unauthorized access to the Windows environment with the privileges of the autologon account, potentially leading to further attacks such as compromising Active Directory or exfiltrating sensitive files.
Reproduction
The vulnerability can be reproduced on a shared kiosk workstation where a Windows autologon account is active. After the autologon process, the Imprivata login screen appears. By using a specific keyboard shortcut, this login screen can be bypassed, granting access to the Windows environment without authentication.
Remediation
Users are advised to upgrade Imprivata EAM to one of the fixed versions available through the Imprivata Customer Portal or by contacting Imprivata support. If an upgrade is not possible, the Imprivata login UI experience can be set to 'Imprivata login' and the 'If SSO authentication fails, but Windows authentication succeeds, should the user be allowed to log in to the computer?' option can be set to 'No'.