TechTarget

RSA patches web authentication flaw

RSA has been forced to issue a patch to prevent hackers from exploiting a flaw in its web authentication tool.

RSA has been forced to issue a patch to prevent hackers from exploiting a flaw in its web authentication tool.

The exploit affects the RSA authentication agent for web for internet information services. 

Internet security researcher Secunia, which reported the vulnerability, said the security hole is due to a boundary error and can be exploited to cause a “heap-based buffer overflow”.  

Secunia said a remote hacker can send an overly long "chunk" of data to the chunked-encoding mechanism of the service to exploit the vulnerability. 

Once in, the attacker can execute arbitrary code. Secunia said the vulnerability has been reported in versions 5, 5.2, and 5.3 of the RSA tool, although other versions may also be affected.

The RSA patch can be found here:

https://knowledge.rsasecurity.com/

 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close