RSA reassures users over bug fix


RSA reassures users over bug fix

Bruce Ackland
RSA Security has admitted that it received calls from users concerned about reports of security holes in its software.

Worried customers contacted the company after reading about a flaw in RSA's ACE/Agent for Windows and ACE/Agent for Windows 2000.

RSA said the vulnerability was first found in July, adding that the problem has now been fixed. The company insisted that all its customers were notified in the correct manner. "We notify all our customers about any software problems at the same time," John Worral, RSA's director of strong authentication, told

Customers who contacted RSA after reading the article "must have missed these notifications", said Worral.

However, RSA could not give a reasonable explanation as to why the Computer Emergency Response Team (CERT), a US government-backed institute that monitors Net security, only sent out notification of the vulnerability this week.

The flaw in question allowed remote hackers to bypass the authentication mechanism provided by SecurID, and run programs and read files.

Worral assured that he knew of no further problems within the RSA software. He said every effort was being taken to ensure the quality of RSA products, although, he admitted: "Bugs do slip through sometimes".

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy