PT-2008-3546 · Mozilla+2 · Firefox+2

Richard Brain · Published 2008-04-30 · Updated 2018-10-11 · CVE-2008-2027

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

RSA Authentication Agent version 5.3.0.258 for Web for IIS

Description

The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This can be achieved via an ftp URL in the url parameter to a Redirect action, particularly when accessed through certain browsers like Mozilla Firefox.

Recommendations

For RSA Authentication Agent version 5.3.0.258 for Web for IIS, consider restricting access to the Redirect action or validating the url parameter to prevent redirects to unauthorized sites. As a temporary workaround, avoid using the url parameter in the Redirect action until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
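
One way to implement the url-parameter validation recommended above, added here as an example (it is not RSA's code or a vendor patch). The allow-listed host portal.example.test, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumption: the only external host the protected site may redirect to.
ALLOWED_HOSTS = {"portal.example.test"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site absolute path or an allow-listed http(s) URL."""
    # Reject empty input, whitespace/control characters and backslashes,
    # which browsers may normalise differently from the server-side parser.
    if not target or any(c <= " " or c == "\\" for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
        has_userinfo = parts.username is not None
    except ValueError:
        return False
    # Relative form: must be a rooted path, never "//host" or "///host".
    if not parts.scheme and not parts.netloc:
        return target.startswith("/") and not target.startswith("//")
    # Scheme allow-list: ftp, javascript, data, etc. are refused outright.
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    # "https://trusted@other.host/" style targets are refused.
    if has_userinfo or host is None:
        return False
    return host in allowed_hosts


def redirect_location(target, fallback="/"):
    """Value to place in the Location header for a requested url parameter."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["/account/home?tab=1", "https://portal.example.test/home",
                   "ftp://portal.example.test/pub", "//other.example.test/x",
                   "https://portal.example.test@other.example.test/"]:
        print(f"{sample!r:55} -> {redirect_location(sample)!r}")
```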

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2008-2027

Affected Products

IIS
Firefox
RSA Authentication Agent