CVE-2014-4631

Published Dec 8, 2014

Last updated 6 years ago

CVSS info 5.0

Overview

Description: RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "523180D3-6A84-43F6-9377-86C8D209110F"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F97E490D-12E8-420C-990E-2BB4B97D86D1"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E18C647-3264-46A0-8411-4DB02E470217"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30CE0F82-18A5-4E1F-B096-8A85AF85F4C4"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "250D48AB-3B67-402F-AE85-DF8B12E10D32"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "504CA1D2-9915-4ABF-9D08-C8ED5F86F34A"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70018989-D22D-4817-BAD9-ACCC949630E8"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B586DD60-483D-452E-86B6-78C381A10ED8"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4055596-785A-49C2-B7C0-2ADCCD975DF9"
          },
          {
            "criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "358B665D-E636-441B-9800-B6EB8ADADE40"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References