PROBLEM:
RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls.
PLATFORM:
6.0.2.1 SP1 Patch 2 and SP1 Patch 3
6.0.2.1 SP2 and SP2 Patch 1
6.0.2.1 SP3
ABSTRACT:
A remote user may be able to bypass certain security controls.
REFERENCE LINKS:
SecurityTracker Alert ID: 1026420
Security Focus: ESA-2011-036
IMPACT ASSESSMENT:
Medium
Discussion:
Two vulnerabilities were reported in RSA Adaptive Authentication (On-Premise). A remote user may be able to bypass certain security controls.
A remote user can send specially crafted data elements to affect the Device Recovery capability and the Device Identification used by the defined policy (CVE-2011-2741). A remote user can exploit this to recover a previously non-registered device or to allow access for a registered device. Both web and mobile browsers are affected. A remote user on a mobile device can bypass the defined policy to gain access to a restricted application (CVE-2011-2742). Only apps are affected. Web browsers are not affected.
Impact:
A remote user may be able to bypass certain security controls.
Solution:
To obtain the latest RSA product downloads, log on to RSA SecurCare Online.