News

RSA reassures users over bug fix

Bruce Ackland
RSA Security has admitted that it received calls from users concerned about reports of security holes in its software.

Worried customers contacted the company after reading about a flaw in RSA's ACE/Agent for Windows and ACE/Agent for Windows 2000.

RSA said the vulnerability was first found in July, adding that the problem has now been fixed. The company insisted that all its customers were notified in the correct manner. "We notify all our customers about any software problems at the same time," John Worral, RSA's director of strong authentication, told CW360.com.

Customers who contacted RSA after reading the article "must have missed these notifications", said Worral.

However, RSA could not give a reasonable explanation as to why the Computer Emergency Response Team (CERT), a US government-backed institute that monitors Net security, only sent out notification of the vulnerability this week.

The flaw in question allowed remote hackers to bypass the authentication mechanism provided by SecurID, and run programs and read files.

Worral assured CW360.com that he knew of no further problems within the RSA software. He said every effort was being taken to ensure the quality of RSA products, although, he admitted: "Bugs do slip through sometimes".

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy