CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:L/AC:M/Au:S/C:P/I:N/A:N

AI Score confidence: Low

EPSS percentile: 5.1%

RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests.
Vendor | Product | Version | CPE |
---|---|---|---|
rsa | authentication_client | 2.0 | cpe:2.3:a:rsa:authentication_client:2.0:*:*:*:*:*:*:* |
rsa | authentication_client | 3.0 | cpe:2.3:a:rsa:authentication_client:3.0:*:*:*:*:*:*:* |
rsa | authentication_client | 3.5.1 | cpe:2.3:a:rsa:authentication_client:3.5.1:*:*:*:*:*:*:* |