CVE-2011-2741

Name of the Vulnerable Software and Affected Versions EMC RSA Adaptive Authentication On-Premise (AAOP) versions 6.0.2.1 SP1 Patch 2 through 6.0.2.1 SP3

Description The issue is related to the improper implementation of Device Recovery and Device Identification. This might allow remote attackers to bypass intended security restrictions on a previously non-registered device or a registered device by sending unspecified "data elements".

Recommendations For versions 6.0.2.1 SP1 Patch 2 through 6.0.2.1 SP3, consider restricting access to the Device Recovery and Device Identification features until a proper fix is applied. As a temporary workaround, monitor device registrations and authentication attempts closely to detect potential bypass attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.