U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls

December 14, 2011 - 8:17am

PROBLEM:

RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls.

PLATFORM:

6.0.2.1 SP1 Patch 2 and SP1 Patch 3
6.0.2.1 SP2 and SP2 Patch 1
6.0.2.1 SP3

ABSTRACT:

A remote user may be able to bypass certain security controls.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026420
Security Focus: ESA-2011-036

IMPACT ASSESSMENT:

Medium

Discussion:

Two vulnerabilities were reported in RSA Adaptive Authentication (On-Premise). A remote user may be able to bypass certain security controls.
A remote user can send specially crafted data elements to affect the Device Recovery capability and Device Identification used by the defined policy (CVE-2011-2741). A remote user can exploit this to recover a previously non-registered device or allow access for a registered device. Both web and mobile browsers are affected.
A remote user on a mobile device can bypass the defined policy to gain access to a restricted application (CVE-2011-2742). Only apps are affected; web browsers are not affected.

Impact:

A remote user may be able to bypass certain security controls.

Solution:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online.
