CVE-2014-0643
RSA NetWitness < 9.8.5.19 & Security Analytics 10.2-10.2.4/10.3.x < 10.3.2 - Auth Bypass via Kerberos PAM
Title source: llmDescription
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.
References (1)
Core 1
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html
Scores
EPSS
0.0089
EPSS Percentile
75.8%
Details
CWE
CWE-287
Status
published
Products (2)
emc/rsa_netwitness
< 9.8.5.19
emc/rsa_security_analytics
10.2 - 10.2.4
Published
May 16, 2014
Tracked Since
Feb 18, 2026