Vulnerability found in RSA authentication

News

Vulnerability found in RSA authentication

Bruce Ackland
A UK Internet security company has discovered a vulnerability in the authentication software used by the US government to protect its most sensitive information.

ProCheckUp found a weakness in the ACE/Agent for Windows and ACE/Agent for Windows 2000 from e-security firm RSA Security while assessing the security of a large financial institution.

The flaw allows remote hackers to bypass the authentication mechanism provided by SecurID and to directly run programs and read files. ProCheckUp believes this could leave the file server open to other types of attacks, which can be modified to exploit the weakness, leaving the server potentially wide open.

For almost 20 years, the US government has used RSA Security technology to protect its top-secret material.

The discovery of a vulnerability in RSA's authentication software comes as the risk of cyber attacks has increased following the terrorist attacks on America and retaliatory bombing of Afghanistan.

ProCheckUp's technical director, Richard Brain, said: "The users of this software are mostly government agencies. In the current international climate, governments are under heightened threat from cyberattacks. It will be of the utmost concern to these agencies that their most sensitive data can be so easily viewed by unauthorised individuals."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy