RSA Authentication Agent For IIS Authentication Bypass Vulnerability Network Vulnerability

Summary

The host is installed with RSA Authentication Agent for IIS and is prone to authentication bypass vulnerability.

Impact

Successful exploitation will allow local attacker to bypass certain security restrictions and gain unauthorized privileged access. Impact Level: System/Application

Solution

Upgrade to version 7.1.2 or later, For updates refer to http://www.rsa.com/node.aspx?id=2575

Insight

The flaw is due to fail open design error.

Affected

RSA Authentication Agent version 7.1.x before 7.1.2 for IIS.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://en.securitylab.ru/nvd/446935.php
http://packetstormsecurity.com/files/123755
http://seclists.org/bugtraq/2013/Oct/att-117/ESA-2013-067.txt
http://www.osvdb.org/98898

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3280
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Sep13 (Windows)
Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)

RSA Authentication Agent for IIS Authentication Bypass Vulnerability

Take action and discover your vulnerabilities