Vulnerability Description
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Rsa Authentication Agent | 7.1 |
| Emc | Rsa Authentication Client | 3.5 |
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Xp | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.htmlVendor Advisory
- http://www.securityfocus.com/bid/55662
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78802
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.htmlVendor Advisory
- http://www.securityfocus.com/bid/55662
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78802
FAQ
What is CVE-2012-2287?
CVE-2012-2287 is a vulnerability with a CVSS score of 8.5 (HIGH). The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote au...
How severe is CVE-2012-2287?
CVE-2012-2287 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2287?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Rsa Authentication Agent, Emc Rsa Authentication Client, Microsoft Windows Server 2003, Microsoft Windows Xp.