CVE-2014-4631

Name of the Vulnerable Software and Affected Versions RSA Adaptive Authentication (On-Premise) versions 6.0.2.1 through 7.1 P3

Description The issue allows remote attackers to bypass authentication due to permanent device binding, even when authentication fails, specifically when using device binding in a Challenge SOAP call or the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality.

Recommendations For RSA Adaptive Authentication (On-Premise) versions 6.0.2.1 through 7.1 P3, consider disabling the device binding feature in Challenge SOAP calls and the Out-of-Band Phone (Authentify) functionality until a patch is available. Restrict access to the affected integration adapters to minimize the risk of exploitation.