News

RSA patches web authentication flaw

Antony Savvas

RSA has been forced to issue a patch to prevent hackers from exploiting a flaw in its web authentication tool.

The exploit affects the RSA authentication agent for web for internet information services. 

Internet security researcher Secunia, which reported the vulnerability, said the security hole is due to a boundary error and can be exploited to cause a “heap-based buffer overflow”.  

Secunia said a remote hacker can send an overly long "chunk" of data to the chunked-encoding mechanism of the service to exploit the vulnerability. 

Once in, the attacker can execute arbitrary code. Secunia said the vulnerability has been reported in versions 5, 5.2, and 5.3 of the RSA tool, although other versions may also be affected.

The RSA patch can be found here:

https://knowledge.rsasecurity.com/

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy