Summary
The host is installed with RSA Authentication Agent and is prone to authentication bypass vulnerability.
Impact
Successful exploitation will allow local attacker to bypass certain security restrictions and gain unauthorized privileged access.
Solution
Upgrade to version 7.1.2 or later,
For updates refer to http://www.rsa.com/node.aspx?id=2575
Insight
The flaw is triggered when a session is activated from the active screensaver after the Quick PIN Unlock timeout has expired, which will result in an incorrect prompt for a PIN as opposed to a prompt for the full passcode.
Affected
RSA Authentication Agent version 7.1.x before 7.1.2 on Windows.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
- http://archives.neohapsis.com/archives/bugtraq/2013-03/att-0001/ESA-2013-012.txt
- http://en.securitylab.ru/nvd/438433.php
- http://packetstormsecurity.com/files/120606
- http://seclists.org/bugtraq/2013/Mar/att-0/ESA-2013-012.txt
- http://securitytracker.com/id?1028230
- http://www.osvdb.org/90743
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-0931 -
CVSS Base Score: 5.4
AV:A/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari 'background' Remote Denial Of Service Vulnerability
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Mac OS X)
- Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Avant Browser Address Bar Spoofing Vulnerability