Lucene search
+L

134 matches found

securityvulns
securityvulns
added 2013/07/10 12:0 a.m.83 views

RSA SecurID weak encryption

Symmetric key is stored locally with weak encryption...

2.1CVSS3.3AI score0.01263EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/07/10 12:0 a.m.81 views

ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2013-029 CVE Identifier: CVE-2013-0941 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected Products: RSA Authentication API versions prior to 8.1 SP1 RSA Web Agent for Apache Web Server versions prior to 5.3.5 RSA Web Agent for IIS versions prior to...

2.1CVSS0.2AI score0.01263EPSS
Exploits0
NVD
NVD
added 2013/05/22 1:29 p.m.52 views

CVE-2013-0941

EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the no...

2.1CVSS5.6AI score0.01263EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/05/22 10:0 a.m.47 views

CVE-2013-0941

EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the no...

5.6AI score0.01263EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.65 views

ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability EMC Identifier: ESA-2013-012 CVE Identifier: CVE-2013-0931 Severity Rating: CVSS v2 Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P Affected Products: Product...

5.4CVSS0.3AI score0.00548EPSS
Exploits0
ThreatPost
ThreatPost
added 2013/02/04 3:9 p.m.8 views

How the RSA Attackers Swung and Missed at Lockheed Martin

SAN JUAN, PUERTO RICO–The attack that resulted in the compromise of RSA’s SecurID database in 2011 had a lot of ramifications and sent shockwaves through much of the security industry. But it could have had much broader consequences had the security team at Lockheed Martin not discovered the same...

0.8AI score
Exploits0References2
securityvulns
securityvulns
added 2012/10/05 12:0 a.m.47 views

RSA SecurID Authentication Agent / RSA Authentication Client protection bypass

Under some condition user may login with windows credentials only...

8.5CVSS5AI score0.02661EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2012/07/13 9:55 p.m.21 views

CVE-2012-2280

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."...

5CVSS6.3AI score0.01086EPSS
Exploits0References1
Prion
Prion
added 2012/07/13 9:55 p.m.22 views

Open redirect

Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

6.4CVSS7.1AI score0.0127EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2012/07/13 9:55 p.m.22 views

Cross site scripting

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."...

5CVSS6.8AI score0.01086EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2012/07/13 9:0 p.m.24 views

CVE-2012-2280

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."...

6.3AI score0.01086EPSS
Exploits0References1
CVE
CVE
added 2012/07/13 9:0 p.m.56 views

CVE-2012-2280

The CVE-2012-2280 entry concerns a Cross frame scripting vulnerability in EMC RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The issue allows remote attackers to inject arbitrary web script/HTML via unspecified vectors due to improper frame handlin...

5CVSS6.4AI score0.01086EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2012/07/13 9:0 p.m.56 views

CVE-2012-2278

CVE-2012-2278: XSS in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14, affecting the Self-Service Console and Security Console. Root cause: cross-site scripting via unspecified vectors, enabling remote script/HTML injection. Exploitation status not s...

4.3CVSS5.9AI score0.00977EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2012/07/13 9:0 p.m.59 views

CVE-2012-2279

The CVE-2012-2279 issue affects RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The vulnerability is an open redirect in the RSA Security Console, enabling remote attackers to redirect users to arbitrary sites and potentially facilitate phishing via...

6.4CVSS6.9AI score0.0127EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2012/07/13 9:0 p.m.26 views

CVE-2012-2278

Multiple cross-site scripting XSS vulnerabilities in the 1 Self-Service Console and 2 Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.8AI score0.00977EPSS
Exploits0References1
Cvelist
Cvelist
added 2012/07/13 9:0 p.m.25 views

CVE-2012-2279

Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

6.7AI score0.0127EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2012/06/28 3:1 p.m.8 views

Padding Oracle Crypto Research Prompts Confusion, Dissenting Opinions on Severity

Few things tend to spark debates and controversy in the security community like a new piece of cryptographic research. The paper by a group of academic researchers on an improvement to a padding oracle attack on certain hardware security tokens publicized this week is no different, with RSA...

0.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2012/06/27 2:12 p.m.20 views

Experts Say Attack on Crypto Tokens is Serious, But Not Catastrophic

A group of international academic researchers has made a major advance in the efficiency of a known cryptographic attack on some kinds of crypto hardware, enabling them to extract sensitive keys from tokens such as RSA SecurID and Aladdin eToken devices within 20 minutes. However, experts say tha...

6.9AI score
Exploits0References3
securityvulns
securityvulns
added 2012/03/09 12:0 a.m.51 views

RSA SecurID Software Token Converter buffer overflow

No description provided...

7.6CVSS4AI score0.02721EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2012/03/09 12:0 a.m.54 views

ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-013: RSA SecurID® Software Token Converter buffer overflow vulnerability Advisories Updated March 2, 2012 Summary: RSA SecurID® Software Token Converter contains a buffer overflow vulnerability that could allow a malicious user to compromise ...

7.6CVSS0.9AI score0.02721EPSS
Exploits0
Rows per page
Query Builder