Claroty Secure Access OIDC Authentication Flow Vulnerability Allowing Unauthorized User Creation and Impersonation

Vulnerability

A vulnerability exists in Claroty Secure Access versions 3.3.0 through 4.0.2 when OpenID Connect (OIDC) authentication is enabled or has been enabled at any point in the past. An unauthorized user can abuse the OIDC authentication flow to create new users or to impersonate existing OIDC users. In certain OIDC configurations, the same user can also add themselves to the 'Administrators' group and obtain administrator privileges in the Secure Access application.

Impact

Successful exploitation undermines the integrity of user authentication: an unauthorized party can create accounts or authenticate as an existing OIDC user, and in some OIDC configurations can escalate to administrative privileges in the Secure Access application by adding itself to the 'Administrators' group. Because the condition also applies where OIDC was enabled previously, deployments that have since switched to another authentication method remain in scope until they upgrade.
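The following is an added example, not Claroty's code, and the advisory does not disclose the flaw's root cause. It shows the relying-party checks a generic OIDC login handler needs in order to close the three outcomes the advisory names: unauthorized account creation, impersonation of an existing OIDC user, and self-assignment to an administrator group. The issuer, client ID, shared secret, IdP group name and user records are constructed for the example; HS256 is used so the block runs offline, where a real deployment verifies RS256/ES256 signatures against the provider's JWKS and keeps every later check the same.

```python
# Generic OIDC relying-party checks: ID-token validation and identity binding. Constructed,
# stdlib-only illustration, not Claroty code; HS256 keeps it offline, real RPs use JWKS.
import base64
import hashlib
import hmac
import json

ISSUER = "https://idp.example.test"            # constructed relying-party configuration
CLIENT_ID = "secure-access-client"
SHARED_SECRET = b"constructed-demo-secret-do-not-use"
ADMIN_IDP_GROUP = "sa-admins"                  # the only IdP group mapped to local Administrators

class TokenRejected(Exception):
    pass

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, secret=SHARED_SECRET):  # test IdP: mints an HS256 ID token
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def validate_id_token(token, expected_nonce, now):
    """Return the verified claims or raise TokenRejected; every check is mandatory."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except ValueError as exc:                  # bad split, bad base64, bad JSON
        raise TokenRejected("malformed token") from exc
    if header.get("alg") != "HS256":           # pin the algorithm; the token header never chooses it
        raise TokenRejected("unexpected alg")
    if not hmac.compare_digest(sig, hmac.new(SHARED_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()):
        raise TokenRejected("bad signature")
    if claims.get("iss") != ISSUER:
        raise TokenRejected("issuer mismatch")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("audience mismatch")
    if claims.get("exp", 0) < now:
        raise TokenRejected("expired")
    if claims.get("nonce") != expected_nonce:  # replayed or injected token
        raise TokenRejected("nonce mismatch")
    if not claims.get("sub"):
        raise TokenRejected("missing sub")
    return claims

class UserStore:
    """Directory keyed by (iss, sub); email or username is never the lookup key."""
    def __init__(self):
        self.users, self.usernames = {}, set()  # (iss, sub) -> record; local names in use

    def bind(self, claims, auto_provision):
        key = (claims["iss"], claims["sub"])
        user = self.users.get(key)
        if user is None:
            if not auto_provision:
                raise TokenRejected("unknown identity; auto-provisioning disabled")
            username = claims.get("preferred_username") or claims.get("email") or claims["sub"]
            if username in self.usernames:     # another identity claiming an existing local name
                raise TokenRejected("username already bound to another identity")
            user = self.users[key] = {"username": username, "groups": set()}
            self.usernames.add(username)
        # Privilege comes only from the verified token via an explicit mapping; a claim that
        # merely names the local group ("Administrators") grants nothing.
        user["groups"] = {"Administrators"} if ADMIN_IDP_GROUP in claims.get("groups", []) else set()
        return user

def handle_callback(token, nonce, store, now, oidc_enabled=True, auto_provision=True):
    """OIDC callback: a disabled login method must not keep accepting tokens."""
    if not oidc_enabled:
        raise TokenRejected("OIDC login is disabled")
    return store.bind(validate_id_token(token, nonce, now), auto_provision)

def demo():
    """Replay the advisory's scenarios against the checks; returns an outcome per scenario."""
    now, store, out = 1_700_000_000, UserStore(), {}
    base = {"iss": ISSUER, "aud": CLIENT_ID, "exp": now + 300, "nonce": "n1"}
    cases = [
        ("alice_first_login", {"sub": "alice-1", "preferred_username": "alice"}, {}),
        ("impersonate_alice", {"sub": "mallory-9", "preferred_username": "alice"}, {}),
        ("local_group_in_claim", {"sub": "mallory-9", "groups": ["Administrators"]}, {}),
        ("foreign_issuer", {"iss": "https://evil.example.test", "sub": "x"}, {}),
        ("oidc_disabled", {"sub": "alice-1"}, {"oidc_enabled": False}),
        ("no_autoprovision", {"sub": "bob-2"}, {"auto_provision": False}),
        ("alice_mapped_admin", {"sub": "alice-1", "groups": [ADMIN_IDP_GROUP]}, {}),
    ]
    for name, extra, kw in cases:
        try:
            u = handle_callback(make_token({**base, **extra}), "n1", store, now, **kw)
            out[name] = "accepted:" + (",".join(sorted(u["groups"])) or "no-groups")
        except TokenRejected as e:
            out[name] = "rejected:" + str(e)
    return out
```

Calling demo() returns one verdict per scenario. Two design decisions carry the weight: local accounts are keyed on the issuer/subject pair rather than on email or username, so a second federated identity presenting an existing name is refused instead of merged; and group membership is recomputed on every login solely from an explicit IdP-group-to-local-group mapping, so a token that merely carries the literal string 'Administrators' grants nothing. The oidc_disabled case is the generic lesson behind the advisory's "currently or previously enabled" scope: turning a login method off must also stop its callback from accepting tokens from the provider it used to trust.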

Remediation

Upgrade to Claroty Secure Access 3.7 or 4.0.2, where the vulnerability has been addressed. Note that the affected range above is given as 3.3.0 through 4.0.2 while 4.0.2 is also listed as a fixed release; confirm the exact fixed build with the vendor before relying on a version number alone. Customers who cannot move to either of these releases should open a support ticket.

Added: Oct 14, 2025, 5:20 PM
Updated: Oct 14, 2025, 10:01 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 5.0
exploitability: 7.6
remediation: 8.3
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.