PT-2019-16700 · Rsa+1 · Rsa Identity Governance/Lifecycle+2
Published 2019-09-11 · Updated 2020-10-16 · CVE-2019-3763
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08
RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08
Description
The issue allows an authenticated malicious local user with access to the debug logs to obtain an exposed password. This occurs because the Office 365 user password may be logged in plain text in the Office 365 connector debug log file.
Recommendations
For RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.
For RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.
As a temporary workaround, consider restricting access to the Office 365 connector debug log file to minimize the risk of exploitation.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Office 365
Rsa Identity Governance/Lifecycle
Rsa Via Lifecycle/Governance