SecurID
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator
RSA Authentication Client 2.0.x, 3.0, and 3.5.x contain a potential vulnerability that could allow the unintended extraction, by a properly authenticated user, of secret (or symmetric) key objects stored on an RSA SecurID 800 Authenticator. This potential vulnerability is corrected in RSA Authentication Client 3.5.3.
Description:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2011-039: RSA®, The Security Division of EMC, announces security fixes and improvements for RSA SecurID® Software Token 4.1 for Microsoft® Windows®
Advisories
Updated December 12, 2011
Summary:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
EMC Identifier: ESA-2013-029
CVE Identifier: CVE-2013-0941
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2012-013: RSA SecurID® Software Token Converter buffer overflow vulnerability
Advisories
Updated March 2, 2012
Summary:
A privileged user may incorrectly gain access to a desktop or a server protected by RSA SecurID® Authentication Agent v7.1 or RSA Authentication Client.
Details:
Summary:
A user may incorrectly gain access to a desktop or a server protected by RSA SecurID® Authentication Agent v7.1 or v7.1.1.
Details:
Barracuda SSL VPN
* Enables access to corporate intranets, file systems or other Web-based applications
* Tracks resource access through auditing and reporting facilities
* Scans uploaded files for viruses and malware
* Leverages multi-factor, layered authentication mechanisms, including RSA SecurID and VASCO tokens
* Integrates with existing Active Directory and LDAP directories
* Utilizes policies for granular access control framework
* Supports any Web browser on PC or Mac
(Copy of the Vendor Homepage: http://www.barracudanetworks.com/ns/products/sslvpn.php)
Obtaining More Information:
For more information about RSA SecurID, visit the RSA web site at http://www.rsa.com/node.aspx?id=1156.
Getting Support and Service:
This vulnerability cannot be used to change the password for the
following types of user accounts:
* User accounts that are defined on external identity stores such
as a Lightweight Directory Access Protocol (LDAP) server, a
Microsoft Active Directory server, an RSA SecurID server, or an
external RADIUS server
* System administrator accounts for the Cisco Secure ACS server
itself that have been configured through the web-based interface
* User accounts for the Cisco Secure ACS server itself that have
been configured through the "username <username> password <password>"
Obtaining More Information:
For more information about RSA SecurID, visit the RSA web site at http://www.rsa.com/node.aspx?id=1156.
Getting Support and Service:
version that you want and click the set link.
Obtaining More Information:
For more information about RSA SecurID, visit the RSA web site at
http://www.rsa.com/node.aspx?id=1156.
Getting Support and Service:
documentation you want to obtain. Scroll to the section for the product
version that you want and click the set link.
Obtaining More Information:
For more information about RSA SecurID, visit the RSA web site at
http://www.emc.com/security/rsa-envision.htm
Getting Support and Service:
For customers with current maintenance contracts, contact your local RSA
Cache-control: no-cache,max-age=0,must-revalidate
<HTML>
<HEAD>
~ <TITLE>RSA SecurID : Log In</TITLE>
[ SNIP ]
<INPUT TYPE=HIDDEN NAME="stage" VALUE="useridandpasscode">
<INPUT TYPE=HIDDEN NAME="referrer" VALUE="/">
If an attacker can gain access to the session ID by any mechanism (such
as by recovering it from the local cache or logs), then they will be
able to access all the resources that are available to the user.
Strong authentication technology, such as SecurID 2FA, does not protect
against this style of attack, as the session ID is generated after the
strong authentication process is completed.
-- Recommendations --