PROBLEM:
RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements
PLATFORM:
RSA Authentication Agent 7.1, 7.1.1 for Microsoft Windows
ABSTRACT:
A vulnerability was reported in RSA Authentication Agent.
REFERENCE LINKS:
RSA SecurCare
SecurityTracker Alert ID: 1028230
CVE-2013-0931
IMPACT ASSESSMENT:
Medium
DISCUSSION:
On systems configured for Quick PIN Unlock, the system requests a PIN instead of a full Passcode when the session is activated from an active screensaver, even after the Quick PIN Unlock timeout has expired.
RSA Authentication Agent on Windows Vista, Windows 7, Windows 2008, and Windows 2008R2 is not affected.
IMPACT:
A remote or local user can bypass Passcode requirements and use a PIN in certain cases.