First published: Thu Oct 07 2010(Updated: )
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rsa Authentication Client | =2.0 | |
Rsa Authentication Client | =3.0 | |
Rsa Authentication Client | =3.5.1 | |
RSA Authentication Client | =2.0 | |
RSA Authentication Client | =3.0 | |
RSA Authentication Client | =3.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.