CVE-2013-7292

VASCO IDENTIKEY IAS 3.4.x - Auth Bypass

Title source: llm

Description

VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password.

References (1)

[US Government Resource] http://www.kb.cert.org/vuls/id/612076

Scores

EPSS 0.0013

EPSS Percentile 32.5%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

vasco/identikey_authentication_server

Timeline

Published Jan 13, 2014

Tracked Since Feb 18, 2026