PT-2018-11136 · Rsa · Rsa Authentication Agent

Harrison Neal

Published

2018-03-30

Updated

2018-04-20

CVE-2018-1234

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions RSA Authentication Agent versions 8.0.1 and earlier for Web for IIS

Description The issue is related to insufficient access control list (ACL) permissions on a Windows Named Pipe, allowing unauthorized users with local system access to exploit it and read configuration properties for the authentication agent.

Recommendations For RSA Authentication Agent versions 8.0.1 and earlier for Web for IIS, update to a version that addresses the insufficient ACL permissions issue to prevent unauthorized access to configuration properties.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-1234

Affected Products

Rsa Authentication Agent

PT-2018-11136 · Rsa · Rsa Authentication Agent

CVE-2018-1234

Weakness Enumeration

Related Identifiers

Affected Products

References · 4