Vigil@nce: RSA Authentication Agent, Client, user access
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When RSA Authentication Agent 7.1 or RSA Authentication Client 3.5
is installed on Windows XP/2003, an attacker can access to the
system with only his Windows login/password.
– Impacted products: RSA Authentication Agent, SecurID
– Severity: 2/4
– Creation date: 25/09/2012
DESCRIPTION OF THE VULNERABILITY
The RSA Authentication Agent product uses a two factor
authentication. The RSA Authentication Client product uses an
authentication based on SecurID and a PIN code.
However, when RSA Authentication Agent 7.1 or RSA Authentication
Client 3.5 is installed on Windows XP/2003, an attacker can access
to the system with only his Windows login/password.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/RSA-Authentication-Agent-Client-user-access-11975