Computer Security
[EN] no-pyccku

RSA Authentication Client information leal
SecurityVulns ID:11188
Threat Level:
Description:SENSITIVE and NON-EXTRACTABLE flags are ignored for shared kay, making it possible to extract it.
Affected:EMC : RSA Authentication Client 2.0
 EMC : RSA Authentication Client 3.0
 EMC : RSA Authentication Client 3.5
CVE:CVE-2010-3321 (RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests.)
Original documentdocumentEMC, ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSAR Authentication Client when storing secret key objects on an RSA SecurIDR 800 Authenticator (11.10.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod