CVE-2014-0643

EMC Rsa Netwitness < 9.8.5.19 - Authentication Bypass

Title source: rule

Description

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

References (1)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html

Scores

EPSS 0.0089

EPSS Percentile 75.3%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

emc/rsa_netwitness < 9.8.5.19

emc/rsa_security_analytics < 10.2.4

Timeline

Published May 16, 2014

Tracked Since Feb 18, 2026