PT-2012-3926 · Rsa+2 · Rsa Authentication Client+2
Published: 2012-09-25 · Updated: 2019-02-26
CVE-2012-2287
CVSS v2.0: 8.5 (High)
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EMC RSA Authentication Agent version 7.1
RSA Authentication Client version 3.5
Description
The issue allows remote authenticated users to bypass an intended token-authentication step and establish a login session to a remote host by leveraging Windows credentials for that host, when an unspecified configuration exists.
Recommendations
For EMC RSA Authentication Agent version 7.1, consider reconfiguring the authentication settings to enforce token-based authentication.
For RSA Authentication Client version 3.5, restrict the use of Windows credentials for remote host authentication until a proper fix is applied.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
EMC RSA Authentication Agent
RSA Authentication Client
Windows