PT-2017-18064 · Emc · Emc Rsa Authentication Manager

Published: 2017-07-17 · Updated: 2017-08-10 · CVE-2017-8006

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

EMC RSA Authentication Manager versions 8.2 SP1 Patch 1 and earlier

Description

A malicious user logged into the Self-Service Console of RSA Authentication Manager can use a brute force attack to attempt to identify a target user's PIN. This could potentially allow the malicious user to reset the compromised PIN, affecting the victim's ability to obtain access to protected resources.

Recommendations

For EMC RSA Authentication Manager versions 8.2 SP1 Patch 1 and earlier, consider implementing additional security measures to prevent brute force attacks, such as rate limiting or IP blocking, until a patch is available. As a temporary workaround, restrict access to the Self-Service Console to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2017-8006

Affected Products

Emc Rsa Authentication Manager