PROBLEM:
A vulnerability was reported in RSA Adaptive Authentication.
PLATFORM:
6.0.2.1 SP1 Patch 2 and SP1 Patch 3, 6.0.2.1 SP2 and SP2 Patch 1, 6.0.2.1 SP3
ABSTRACT:
An issue was discovered in Adaptive Authentication (On-Premise) that, in certain circumstances, might affect the authentication methods available out of the box. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.
REFERENCE LINKS:
RSA Reference: RSA Adaptive Authentication
RSA >> Adaptive Authentication: Vulnerability Statistics
IMPACT ASSESSMENT:
High
Discussion:
In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.
RSA Adaptive Authentication versions affected:
RSA AAOP 6.0.2.1 SP1 Patch 2
RSA AAOP 6.0.2.1 SP1 Patch 3
RSA AAOP 6.0.2.1 SP2
RSA AAOP 6.0.2.1 SP2 Patch 1
RSA AAOP 6.0.2.1 SP3
Impact:
The Common Vulnerability Scoring System (CVSS) Base Score for the items identified in this advisory is: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P). RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
Solution:
To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.