PT-2012-3926 · Rsa+2 · Rsa Authentication Client+2

Published 2012-09-25 · Updated 2019-02-26 · CVE-2012-2287

CVSS v2.0: 8.5 High

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

EMC RSA Authentication Agent version 7.1
RSA Authentication Client version 3.5

Description

The issue allows remote authenticated users to bypass an intended token-authentication step and establish a login session to a remote host by leveraging Windows credentials for that host, when an unspecified configuration exists.

Recommendations

For EMC RSA Authentication Agent version 7.1, consider reconfiguring the authentication settings to enforce token-based authentication. For RSA Authentication Client version 3.5, restrict the use of Windows credentials for remote host authentication until a proper fix is applied.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2012-2287

Affected Products

EMC RSA Authentication Agent
RSA Authentication Client
Windows