eTrust Access Control contains a flaw that may allow a remote attacker to alter the access control database. The issue is due to eTrust installing without strong crypto options set and using a default encryption key. If an attacker can gain access to the default key, they may be able to use it to spoof the credentials of a legitimate administrator, edit the access control database, and gain access to the remote machine.
Currently, there are no known workarounds or upgrades to correct this issue. However, Computer Associates has released a patch to address this vulnerability.