RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks
RSA Authentication Manager 7.1 is vulnerable; other versions may also be affected.
RSA Authentication Manager is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
Several vulnerabilities were reported in RSA Authentication Manager. A remote user can conduct cross-site and cross-frame scripting attacks. A remote user can redirect the target user's browser to an arbitrary URL.
A remote user can cause the RSA Security Console to redirect the target user to an arbitrary URL [CVE-2012-2279].
Several scripts on the RSA Self-Service and Security Consoles do not properly filter HTML code from user-supplied input before displaying the input [CVE-2012-2278]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the RSA Authentication Manager software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can conduct cross-frame scripting attacks [CVE-2012-2280].
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the RSA Authentication Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The vendor has issued a fix (Patch 14 (P14) for RSA Authentication Manager 7.1 SP4 and Appliance 3.0 SP4).