Vulnerability Description
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| EMC | RSA Adaptive Authentication On-Premise | 6.0.2.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/534136/100/0/threaded
- http://www.securityfocus.com/bid/71423
- http://www.securitytracker.com/id/1031297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99086
FAQ
What is CVE-2014-4631?
CVE-2014-4631 is a vulnerability with a CVSS score of 5.0 (MEDIUM). RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone...
How severe is CVE-2014-4631?
CVE-2014-4631 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-4631?
Check the references section above for vendor advisories and patch information. Affected products include: EMC RSA Adaptive Authentication On-Premise.