CVE-2014-0646

Name of the Vulnerable Software and Affected Versions EMC RSA Access Manager versions 6.1.3 through 6.1.3.38 EMC RSA Access Manager versions 6.1.4 through 6.1.4.21 EMC RSA Access Manager versions 6.2.0 through 6.2.0.10 EMC RSA Access Manager versions 6.2.1 through 6.2.1.02

Description The issue allows local users to discover cleartext passwords by reading log files when INFO logging is enabled in the runtime WS component of the server.

Recommendations For EMC RSA Access Manager version 6.1.3, update to version 6.1.3.39 or later. For EMC RSA Access Manager version 6.1.4, update to version 6.1.4.22 or later. For EMC RSA Access Manager version 6.2.0, update to version 6.2.0.11 or later. For EMC RSA Access Manager version 6.2.1, update to version 6.2.1.03 or later.