PT-2014-6037 · Rsa · Rsa Adaptive Authentication

Published: 2014-12-08 · Updated: 2018-10-09 · CVE-2014-4631

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

RSA Adaptive Authentication (On-Premise) versions 6.0.2.1 through 7.1 P3

Description

The issue allows remote attackers to bypass authentication due to permanent device binding, even when authentication fails, specifically when using device binding in a Challenge SOAP call or the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality.

Recommendations

For RSA Adaptive Authentication (On-Premise) versions 6.0.2.1 through 7.1 P3, consider disabling the device binding feature in Challenge SOAP calls and the Out-of-Band Phone (Authentify) functionality until a patch is available. Restrict access to the affected integration adapters to minimize the risk of exploitation.

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2014-4631

Affected Products

Rsa Adaptive Authentication