Lucene search

[email protected]CVE-2002-0507

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0507

2002-08-1204:00:00

CWE-287

[email protected]

web.nvd.nist.gov

microsoft

owa

rsa securid

authentication bypass

vulnerability

cve-2002-0507

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

Affected configurations

NVD

Node

microsoftexchange_serverMatch5.5-

microsoftexchange_serverMatch5.5sp1

microsoftexchange_serverMatch5.5sp2

microsoftexchange_serverMatch5.5sp3

microsoftexchange_serverMatch5.5sp4

microsoftexchange_serverMatch2000-

microsoftexchange_serverMatch2000sp1

microsoftexchange_serverMatch2000sp2

Node

rsasecuridMatch5.0

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq5.5
microsoft:exchange_servermicrosoft exchange servereq2000

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	5.5
microsoft:exchange_server	microsoft exchange server	eq	2000

References

online.securityfocus.com/archive/1/264705

www.iss.net/security_center/static/8681.php

www.securityfocus.com/bid/4390

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2002-0507

cvelist1 nvd1