CVE-2013-0941

Name of the Vulnerable Software and Affected Versions EMC RSA Authentication API versions prior to 8.1 SP1 RSA Web Agent for Apache Web Server versions prior to 5.3.5 RSA Web Agent for IIS versions prior to 5.3.5 RSA PAM Agent versions prior to 7.0 RSA Agent for Microsoft Windows versions prior to 6.1.4

Description The issue is related to the use of an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API. This allows local users to obtain sensitive information via cryptographic attacks on this data.

Recommendations For EMC RSA Authentication API versions prior to 8.1 SP1, update to version 8.1 SP1 or later. For RSA Web Agent for Apache Web Server versions prior to 5.3.5, update to version 5.3.5 or later. For RSA Web Agent for IIS versions prior to 5.3.5, update to version 5.3.5 or later. For RSA PAM Agent versions prior to 7.0, update to version 7.0 or later. For RSA Agent for Microsoft Windows versions prior to 6.1.4, update to version 6.1.4 or later.