Vulnerability CVE-2008-2027


Published: 2008-04-30   Modified: 2012-02-12

Description:
Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Cross-domain redirect on RSA Authentication Agent
ProCheckUp Resea...
03.05.2008

Type:

CWE-200

(Information Exposure)

Vendor: RSA
Product: Authentication agent 
Version: 5.3.0.258;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://securityreason.com/securityalert/3850
http://www.procheckup.com/Vulnerability_PR07-43.php
http://www.securityfocus.com/archive/1/491237/100/0/threaded
http://www.securityfocus.com/bid/28907
https://exchange.xforce.ibmcloud.com/vulnerabilities/42184

Related CVE
CVE-2019-3758
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to th...
CVE-2019-3756
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
CVE-2019-3740
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys...
CVE-2019-3739
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA key...
CVE-2019-3738
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable share...
CVE-2019-3716
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may ob...
CVE-2019-3715
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the ex...
CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrat...

Copyright 2019, cxsecurity.com

 

Back to Top