Description
Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42184
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28907
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3850
Various Sources x_refsource_misc
http://www.procheckup.com/Vulnerability_PR07-43.php
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491237/100/0/threaded
Scores
EPSS
0.0112
EPSS Percentile
62.4%
Details
CWE
CWE-200
Status
published
Products (1)
rsa/authentication_agent
5.3.0.258
Published
Apr 30, 2008
Tracked Since
Feb 18, 2026