Vulnerability CVE-2013-0941
Published: 2013-05-22

Description:
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.

See advisories in our WLB2 database:
Topic
Author
Date
High
RSA SecurID Sensitive Information Disclosure Vulnerability
RSA
17.05.2013

Type:

CWE-310

 (Cryptographic Issues)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
RSA -> Authentication agent 
RSA -> Authentication api 
RSA -> Pluggable authentication module 
RSA -> Securid web agent 
RSA -> Pluggable authentication module agent 

 References:
http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html
Copyright 2024, cxsecurity.com

 

Back to Top