Vulnerability Description
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Authentication Api | <= 8.1 |
| Rsa | Securid Web Agent | <= 5.3.4 |
| Apache | Http Server | All versions |
| Microsoft | Internet Information Server | All versions |
| Rsa | Pluggable Authentication Module Agent | <= 6.0 |
| Rsa | Authentication Agent | <= 6.1.3 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html
FAQ
What is CVE-2013-0941?
CVE-2013-0941 is a vulnerability with a CVSS score of 2.1 (LOW). EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Wind...
How severe is CVE-2013-0941?
CVE-2013-0941 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0941?
Check the references section above for vendor advisories and patch information. Affected products include: Rsa Authentication Api, Rsa Securid Web Agent, Apache Http Server, Microsoft Internet Information Server, Rsa Pluggable Authentication Module Agent.