Vulnerability found in RSA authentication


Vulnerability found in RSA authentication

Bruce Ackland
A UK Internet security company has discovered a vulnerability in the authentication software used by the US government to protect its most sensitive information.

ProCheckUp found a weakness in the ACE/Agent for Windows and ACE/Agent for Windows 2000 from e-security firm RSA Security while assessing the security of a large financial institution.

The flaw allows remote hackers to bypass the authentication mechanism provided by SecurID and to directly run programs and read files. ProCheckUp believes this could leave the file server open to other types of attacks, which can be modified to exploit the weakness, leaving the server potentially wide open.

For almost 20 years, the US government has used RSA Security technology to protect its top-secret material.

The discovery of a vulnerability in RSA's authentication software comes as the risk of cyber attacks has increased following the terrorist attacks on America and retaliatory bombing of Afghanistan.

ProCheckUp's technical director, Richard Brain, said: "The users of this software are mostly government agencies. In the current international climate, governments are under heightened threat from cyberattacks. It will be of the utmost concern to these agencies that their most sensitive data can be so easily viewed by unauthorised individuals."

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy