CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using the CAF CLI and the SD_ACMD CLI. This allows a non-admin user to access the critical encryption keys, which in turn enables the exploitation of stored credentials. This fix no longer allows a non-admin/non-root user to execute the "caf encrypt" and "sd_acmd encrypt" commands.
The desktop and server management solution Broadcom CA DSM stores some configuration data of its agent component locally on managed systems in encrypted form. The encrypted configuration data may include sensitive data such as the user credentials of service accounts. On a managed client system, low-privileged Windows users are able to extract the cryptographic key material used to encrypt specific configuration data by exploiting a design security issue in the Common Application Framework (CAF) command line tool. Version 14.5.0.15 is affected.