Vulnerability in Emc Rsa_authentication_agent

CVE-2013-3280

EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.

EPSS: 0.003 (54.0th percentile) — read the EPSS interpretation.

Affected products

Emc Rsa_authentication_agent — versions 7.1, 7.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20131023 ESA-2013-067: RSA Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability (mailing-list, x_refsource_BUGTRAQ)