RSA patches web authentication flaw

News

RSA patches web authentication flaw

Antony Savvas

RSA has been forced to issue a patch to prevent hackers from exploiting a flaw in its web authentication tool.

The exploit affects the RSA authentication agent for web for internet information services. 

Internet security researcher Secunia, which reported the vulnerability, said the security hole is due to a boundary error and can be exploited to cause a “heap-based buffer overflow”.  

Secunia said a remote hacker can send an overly long "chunk" of data to the chunked-encoding mechanism of the service to exploit the vulnerability. 

Once in, the attacker can execute arbitrary code. Secunia said the vulnerability has been reported in versions 5, 5.2, and 5.3 of the RSA tool, although other versions may also be affected.

The RSA patch can be found here:

https://knowledge.rsasecurity.com/

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy