Vasco · Vasco Identikey Authentication Server · CVE-2013-7292
**Name of the Vulnerable Software and Affected Versions**
VASCO IDENTIKEY Authentication Server (IAS) version 3.4.x
**Description**
The issue allows remote authenticated users to bypass Active Directory authentication. This is done by entering only a DIGIPASS one-time password, instead of the required combination of this one-time password and a multiple-time AD password.
**Recommendations**
For version 3.4.x, consider restricting access to the DIGIPASS one-time password feature until a fix is available, to minimize the risk of Active Directory authentication bypass.