134 matches found
RSA SecurID weak encryption
Symmetric key is stored locally with weak encryption...
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
EMC Identifier: ESA-2013-029 CVE Identifier: CVE-2013-0941 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected Products: RSA Authentication API versions prior to 8.1 SP1 RSA Web Agent for Apache Web Server versions prior to 5.3.5 RSA Web Agent for IIS versions prior to...
CVE-2013-0941
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the no...
CVE-2013-0941
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the no...
ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability EMC Identifier: ESA-2013-012 CVE Identifier: CVE-2013-0931 Severity Rating: CVSS v2 Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P Affected Products: Product...
How the RSA Attackers Swung and Missed at Lockheed Martin
SAN JUAN, PUERTO RICO–The attack that resulted in the compromise of RSA’s SecurID database in 2011 had a lot of ramifications and sent shockwaves through much of the security industry. But it could have had much broader consequences had the security team at Lockheed Martin not discovered the same...
RSA SecurID Authentication Agent / RSA Authentication Client protection bypass
Under some condition user may login with windows credentials only...
CVE-2012-2280
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."...
Open redirect
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Cross site scripting
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."...
CVE-2012-2280
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."...
CVE-2012-2280
The CVE-2012-2280 entry concerns a Cross frame scripting vulnerability in EMC RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The issue allows remote attackers to inject arbitrary web script/HTML via unspecified vectors due to improper frame handlin...
CVE-2012-2278
CVE-2012-2278: XSS in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14, affecting the Self-Service Console and Security Console. Root cause: cross-site scripting via unspecified vectors, enabling remote script/HTML injection. Exploitation status not s...
CVE-2012-2279
The CVE-2012-2279 issue affects RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The vulnerability is an open redirect in the RSA Security Console, enabling remote attackers to redirect users to arbitrary sites and potentially facilitate phishing via...
CVE-2012-2278
Multiple cross-site scripting XSS vulnerabilities in the 1 Self-Service Console and 2 Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2279
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Padding Oracle Crypto Research Prompts Confusion, Dissenting Opinions on Severity
Few things tend to spark debates and controversy in the security community like a new piece of cryptographic research. The paper by a group of academic researchers on an improvement to a padding oracle attack on certain hardware security tokens publicized this week is no different, with RSA...
Experts Say Attack on Crypto Tokens is Serious, But Not Catastrophic
A group of international academic researchers has made a major advance in the efficiency of a known cryptographic attack on some kinds of crypto hardware, enabling them to extract sensitive keys from tokens such as RSA SecurID and Aladdin eToken devices within 20 minutes. However, experts say tha...
RSA SecurID Software Token Converter buffer overflow
No description provided...
ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-013: RSA SecurID® Software Token Converter buffer overflow vulnerability Advisories Updated March 2, 2012 Summary: RSA SecurID® Software Token Converter contains a buffer overflow vulnerability that could allow a malicious user to compromise ...