CVE-2018-1234
MEDIUM
RSA Authentication Agent for Web < 8.0.1 - Unauthorized Configuration Exposure via Named Pipe ACL
Title source: llm
Description
RSA Authentication Agent for Web for IIS, version 8.0.1 and earlier, is affected by a problem where the access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. An attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.
References (2)
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Mar/60
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040577
Scores
CVSS v3
5.5
EPSS
0.0046
EPSS Percentile
36.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
rsa/authentication_agent_for_web
< 8.0.1 (2 CPE variants)
Published
Mar 30, 2018
Tracked Since
Feb 18, 2026