Description
EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf
Various Sources x_refsource_misc
http://www.cr-labs.com/publications/SiteKey-20060718.pdf
Scores
EPSS
0.0107
EPSS Percentile
78.0%
Details
Status
published
Products (1)
emc/rsa_security_sitekey
Published
Apr 30, 2007
Tracked Since
Feb 18, 2026