CVE-2012-2287

EMC Rsa Authentication Agent - Authentication Bypass

Title source: rule

Description

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.

References (3)

[Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/78802

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/55662

Scores

EPSS 0.0023

EPSS Percentile 45.3%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

emc/rsa_authentication_agent

emc/rsa_authentication_client

Timeline

Published Sep 25, 2012

Tracked Since Feb 18, 2026