SecurityTracker.com
Category:   Application (Security)  >   RSA Adaptive Authentication
Vendors:   EMC, RSA
RSA Adaptive Authentication Challenge SOAP Call Device Binding Flaw Lets Remote Users Bypass Authentication
SecurityTracker Alert ID:  1031297
SecurityTracker URL:  http://securitytracker.com/id/1031297
CVE Reference:   CVE-2014-4631
Date:  Dec 4 2014
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): (On-Premise) 6.0.2.1 through 7.1 P3; Integration Adapters 1.x and 2.x
Description:   A vulnerability was reported in RSA Adaptive Authentication. A remote user can bypass authentication.

A remote user can send a specially crafted device binding request via an AAOP challenge SOAP call to potentially bypass authentication, because the system may permanently bind the device regardless of whether authentication succeeds or fails.

Impact:   A remote user can bypass authentication.
Solution:   The vendor has issued a fix (7.1 P4; Advisory ESA-2014-160).
Vendor URL:  www.rsa.com/
Cause:   Authentication error

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC