PROBLEM:
RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability
PLATFORM:
Product: RSA Authentication Agent for Microsoft Windows version 7.1
Platforms: Windows XP and Windows 2003
Product: RSA Authentication Client 3.5
Platforms: Windows XP and Windows 2003
ABSTRACT:
RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step
REFERENCE LINKS:
SecurityTracker Alert ID: 1027559
Bugtraq ID: 55662
CVE-2012-2287
IMPACT ASSESSMENT:
Medium
Discussion:
A vulnerability was reported in RSA Authentication Agent. A remote authenticated user can bypass the two-factor authentication requirement.
A remote user with privileges to access a target system can authenticate using only their Windows credentials, bypassing the required two-factor authentication step.
Impact:
A privileged user may incorrectly gain access to a desktop or a server protected by RSA SecurID® Authentication Agent v7.1 or RSA Authentication Client.
Solution:
The vendor has issued a fix (RSA Authentication Agent for Microsoft Windows version 7.1.1; RSA Authentication Client 3.5.6).