U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability

September 25, 2012 - 6:00am

PROBLEM:

RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability

PLATFORM:

Product: RSA Authentication Agent for Microsoft Windows version 7.1
Platforms: Windows XP and Windows 2003

Product: RSA Authentication Client 3.5
Platforms: Windows XP and Windows 2003

ABSTRACT:

RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step

REFERENCE LINKS:

SecurityTracker Alert ID: 1027559
Bugtraq ID: 55662
CVE-2012-2287

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in RSA Authentication Agent. A remote authenticated user can bypass the two-factor authentication requirement. 

A remote user with privileges to access a target system can authenticate using only their Windows credentials, bypassing the required two-factor authentication step.

Impact:

A privileged user may incorrectly gain access to a desktop or a server protected by RSA SecurID® Authentication Agent v7.1 or RSA Authentication Client.

Solution:

The vendor has issued a fix (RSA Authentication Agent for Microsoft Windows version 7.1.1; RSA Authentication Client 3.5.6).
