ProCheckUp found a weakness in the ACE/Agent for Windows and ACE/Agent for Windows 2000 from e-security firm RSA Security while assessing the security of a large financial institution.
The flaw allows remote hackers to bypass the authentication mechanism provided by SecurID and to directly run programs and read files. ProCheckUp believes this could leave the file server open to other types of attacks, which can be modified to exploit the weakness, leaving the server potentially wide open.
For almost 20 years, the US government has used RSA Security technology to protect its top-secret material.
The discovery of a vulnerability in RSA's authentication software comes as the risk of cyber attacks has increased following the terrorist attacks on America and retaliatory bombing of Afghanistan.
ProCheckUp's technical director, Richard Brain, said: "The users of this software are mostly government agencies. In the current international climate, governments are under heightened threat from cyberattacks. It will be of the utmost concern to these agencies that their most sensitive data can be so easily viewed by unauthorised individuals."