CVE-2018-1234: Infoleak
First published: Fri Mar 30 2018(Updated: )
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Authentication Agent | <=8.0.1 | |
| RSA Authentication Agent | <=8.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1234?
CVE-2018-1234 has a high severity rating due to its potential for unauthorized local access.
How do I fix CVE-2018-1234?
To fix CVE-2018-1234, ensure that all access control list (ACL) permissions on Windows Named Pipes are properly configured.
Which versions are affected by CVE-2018-1234?
CVE-2018-1234 affects RSA Authentication Agent for Web versions 8.0.1 and earlier.
What type of attacks can CVE-2018-1234 facilitate?
CVE-2018-1234 can allow an attacker with local access to exploit insufficient permissions and potentially gain unauthorized access.
Is there a workaround for CVE-2018-1234 until a patch is available?
As a temporary workaround for CVE-2018-1234, review and harden your ACL configurations on affected systems.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rsa
- canonical/rsa authentication agent
- version/rsa authentication agent/8.0.1