V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements

March 4, 2013 - 12:27am

PROBLEM:

RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements

PLATFORM:

RSA Authentication Agent 7.1, 7.1.1 for Microsoft Windows

ABSTRACT:

A vulnerability was reported in RSA Authentication Agent.

REFERENCE LINKS:

RSA SecurCare
SecurityTracker Alert ID: 1028230
CVE-2013-0931

IMPACT ASSESSMENT:

Medium

DISCUSSION:

On systems configured for Quick PIN Unlock, the system will request a PIN instead of a full Passcode when the session is activated from an active screensaver after the Quick PIN Unlock timeout has expired.

RSA Authentication Agent on Windows Vista, Windows 7, Windows 2008, and Windows 2008R2 is not affected.

IMPACT:

A remote or local user can bypass Passcode requirements and use a PIN in certain cases.

SOLUTION:

The vendor has issued a fix (7.1.2).
