CVE-2014-4631

RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/534136/100/0/threaded
http://www.securityfocus.com/bid/71423
http://www.securitytracker.com/id/1031297
https://exchange.xforce.ibmcloud.com/vulnerabilities/99086

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:::::::*
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.0:::::::*
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:::::::*
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:p2::::::

History

No history.

Information

Published : 2014-12-08 11:59

Updated : 2018-10-09 19:49

NVD link : CVE-2014-4631

Mitre link : CVE-2014-4631

CVE.ORG link : CVE-2014-4631

JSON object : View

Products Affected

emc

rsa_adaptive_authentication_on-premise

CWE

CWE-287

Improper Authentication

{"id": "CVE-2014-4631", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-08T11:59:05.953", "references": [{"url": "http://www.securityfocus.com/archive/1/534136/100/0/threaded", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/71423", "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1031297", "source": "security_alert@emc.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99086", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication."}, {"lang": "es", "value": "RSA Adaptive Authentication (On-Premise) 6.0.2.1 hasta 7.1 P3, cuando utiliza la vinculaci\u00f3n de dispositivos en una llamada Challenge SOAP o utiliza adaptadores de la integraci\u00f3n de autenticaci\u00f3n adaptiva RSA con la funcionalidad Out-of-Band Phone (Authentify), realiza la vinculaci\u00f3n de dispositivos permanente incluso cuando falla la autenticaci\u00f3n, lo que permite a atacantes remotos evadir la autenticaci\u00f3n."}], "lastModified": "2018-10-09T19:49:47.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "523180D3-6A84-43F6-9377-86C8D209110F"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F97E490D-12E8-420C-990E-2BB4B97D86D1"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E18C647-3264-46A0-8411-4DB02E470217"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30CE0F82-18A5-4E1F-B096-8A85AF85F4C4"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "250D48AB-3B67-402F-AE85-DF8B12E10D32"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "504CA1D2-9915-4ABF-9D08-C8ED5F86F34A"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70018989-D22D-4817-BAD9-ACCC949630E8"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B586DD60-483D-452E-86B6-78C381A10ED8"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4055596-785A-49C2-B7C0-2ADCCD975DF9"}, {"criteria": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "358B665D-E636-441B-9800-B6EB8ADADE40"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}