Auth bypass in Emc Rsa_authentication_agent

CVE-2012-2287

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended…

Vulnerability class: Broken Authentication

EPSS: 0.002 (45.7th percentile) — read the EPSS interpretation.

Affected products

Emc Rsa_authentication_agent — versions 7.1
Emc Rsa_authentication_client — versions 3.5
Microsoft Windows_server_2003
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

55662 (vdb-entry, x_refsource_BID)
rsa-authentication-security-bypass(78802) (vdb-entry, x_refsource_XF)
20120920 ESA-2012-037: RSA(r) Authentication Agent 7.1 for Microsoft Windows(r) and RSA(r) Authentication Client 3.5 Access Control Vulnerability (Vendor Advisory, mailing-list, x_refsource_BUGTRAQ)