RSA patches web authentication flaw

RSA has been forced to issue a patch to prevent hackers from exploiting a flaw in its web authentication tool.

RSA has been forced to issue a patch to prevent hackers from exploiting a flaw in its web authentication tool.

The exploit affects the RSA authentication agent for web for internet information services. 

Internet security researcher Secunia, which reported the vulnerability, said the security hole is due to a boundary error and can be exploited to cause a “heap-based buffer overflow”.  

Secunia said a remote hacker can send an overly long "chunk" of data to the chunked-encoding mechanism of the service to exploit the vulnerability. 

Once in, the attacker can execute arbitrary code. Secunia said the vulnerability has been reported in versions 5, 5.2, and 5.3 of the RSA tool, although other versions may also be affected.

The RSA patch can be found here:

https://knowledge.rsasecurity.com/

 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close