PT-2010-4732 · Rsa · Rsa Authentication Client
Published
2010-10-07
·
Updated
2018-10-10
·
CVE-2010-3321
CVSS v2.0
1.5
Low
| Vector | AV:L/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
RSA Authentication Client versions 2.0.x through 3.5.x before 3.5.3
Description
The issue allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests, due to improper handling of a SENSITIVE or NON-EXTRACTABLE tag on a secret key object stored on a SecurID 800 authenticator.
Recommendations
For versions 2.0.x through 3.5.x before 3.5.3, update to version 3.5.3 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rsa Authentication Client