CVE-2014-4631
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
75.4%
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emc | rsa_adaptive_authentication_on-premise | 6.0.2.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:*:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 6.0.2.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 6.0.2.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 6.0.2.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 6.0.2.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 6.0.2.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 6.0.2.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 7.0 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.0:*:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 7.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:*:*:*:*:*:*:* |
| emc | rsa_adaptive_authentication_on-premise | 7.1 | cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:p2:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
75.4%