RSA Authentication Agent For IIS Authentication Bypass Vulnerability Network Vulnerability

Summary

The host is installed with RSA Authentication Agent for IIS and is prone to authentication bypass vulnerability.

Impact

Successful exploitation will allow local attacker to bypass certain security restrictions and gain unauthorized privileged access. Impact Level: System/Application

Solution

Upgrade to version 7.1.2 or later, For updates refer to http://www.rsa.com/node.aspx?id=2575

Insight

The flaw is due to fail open design error.

Affected

RSA Authentication Agent version 7.1.x before 7.1.2 for IIS.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://en.securitylab.ru/nvd/446935.php
http://packetstormsecurity.com/files/123755
http://seclists.org/bugtraq/2013/Oct/att-117/ESA-2013-067.txt
http://www.osvdb.org/98898

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3280

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)
Adobe Flash Media Server multiple vulnerabilities
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)

RSA Authentication Agent for IIS Authentication Bypass Vulnerability

Take action and discover your vulnerabilities