
T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw

August 18, 2011 - 3:09pm


PROBLEM:

A vulnerability was reported in RSA Adaptive Authentication.

PLATFORM:

6.0.2.1 SP1 Patch 2 and SP1 Patch 3, 6.0.2.1 SP2 and SP2 Patch 1, 6.0.2.1 SP3

ABSTRACT:

An issue was discovered in Adaptive Authentication (On-Premise) that, in certain circumstances, might affect the authentication methods available out of the box. In certain circumstances, when authentication information is compromised and additional session information is also known, the authentication information might be reused within an active session.

REFERENCE LINKS:

Security Tracker: 1025956

RSA Reference: RSA Adaptive Authentication
RSA >> Adaptive Authentication: Vulnerability Statistics

IMPACT ASSESSMENT:

High

Discussion:

In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.

RSA Adaptive Authentication versions affected:
RSA AAOP 6.0.2.1 SP1 Patch 2
RSA AAOP 6.0.2.1 SP1 Patch 3
RSA AAOP 6.0.2.1 SP2
RSA AAOP 6.0.2.1 SP2 Patch 1
RSA AAOP 6.0.2.1 SP3

Impact:

The Common Vulnerability Scoring System (CVSS) Base Score for the items identified in this advisory is: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P). RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.

Solution:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link. RSA SecurCare Online Logon
 
