CVE-2017-14378

Published: 29/11/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow malicious users to bypass authentication, aka an "Error Handling Vulnerability."

Vulnerable Product

emc rsa authentication agent sdk for c 8.6

emc rsa authentication agent api for c 8.5

Recent Articles

RSA coughs to critical-rated bug in its authentication SDK
The Register • Richard Chirgwin • 03 Dec 2017

Yup, that means if you code with it, your projects inherit the problem. Yay!

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA's software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Agent for Web for Apache Web Server”. If the authentication agent is configured to use UDP there's no problem, but if it's using TCP, a remote and unauthenticated attacker can send a crafted pa...