CVE-2011-2742

Name of the Vulnerable Software and Affected Versions EMC RSA Adaptive Authentication On-Premise (AAOP) versions 6.0.2.1 SP1 Patch 2 through 6.0.2.1 SP3

Description The issue is related to the improper performance of forensic evaluation upon receipt of device tokens from mobile apps. This might allow remote attackers to bypass intended application restrictions via a mobile device.

Recommendations For versions 6.0.2.1 SP1 Patch 2 through 6.0.2.1 SP3, consider restricting the receipt of device tokens from mobile apps until a proper fix is applied. As a temporary workaround, restrict access to the mobile app functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.