CVE-2018-1234

MEDIUM

RSA Authentication Agent for Web < 8.0.1 - Unauthorized Configuration Exposure via Named Pipe ACL

Title source: llm

Description

RSA Authentication Agent for Web for IIS, version 8.0.1 and earlier, is affected by a problem where the access control list (ACL) permissions on a Windows named pipe were not sufficient to prevent access by unauthorized users. An attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

References (2)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Mar/60
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040577

Scores

CVSS v3 5.5
EPSS 0.0046
EPSS Percentile 36.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-200
Status published
Products (1)
rsa/authentication_agent_for_web < 8.0.1 (2 CPE variants)
Published Mar 30, 2018
Tracked Since Feb 18, 2026