RSA has been forced to issue a patch to prevent hackers from exploiting a flaw in its web authentication tool.
The flaw affects the RSA Authentication Agent for Web for Internet Information Services.
Internet security researcher Secunia, which reported the vulnerability, said the security hole is due to a boundary error and can be exploited to cause a “heap-based buffer overflow”.
Secunia said a remote hacker can send an overly long "chunk" of data to the chunked-encoding mechanism of the service to exploit the vulnerability.
Once in, the attacker can execute arbitrary code. Secunia said the vulnerability has been reported in versions 5, 5.2, and 5.3 of the RSA tool, although other versions may also be affected.
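The boundary check this class of bug comes down to, as an added example that is not RSA's code and not taken from the Secunia report: a small chunked-body decoder in C that refuses any chunk whose declared size exceeds the space left in the destination buffer. The function name, error codes and sample request are assumptions made for illustration; the report quoted here does not describe the agent's internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { CHUNK_OK = 0, CHUNK_MALFORMED = -1, CHUNK_TOO_LARGE = -2 };
static int hex_val(char c) {            /* -1 if c is not a hex digit */
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a chunked body in[0..in_len) into out[0..out_cap). Chunk extensions
 * and trailers are rejected to keep the example small. */
int decode_chunked(const char *in, size_t in_len,
                   unsigned char *out, size_t out_cap, size_t *out_len) {
    size_t pos = 0, written = 0;
    for (;;) {
        size_t size = 0, digits = 0;
        int v;
        /* Hex chunk-size line; refuse values that would wrap size_t. */
        while (pos < in_len && (v = hex_val(in[pos])) >= 0) {
            if (size > (SIZE_MAX >> 4)) return CHUNK_TOO_LARGE;
            size = (size << 4) | (size_t)v;
            pos++; digits++;
        }
        if (!digits || in_len - pos < 2 || memcmp(in + pos, "\r\n", 2) != 0)
            return CHUNK_MALFORMED;
        pos += 2;
        if (size == 0) break;                       /* last-chunk */
        /* Boundary checks: the declared size must fit the space left in the
         * destination and be backed by bytes actually received. */
        if (size > out_cap - written) return CHUNK_TOO_LARGE;
        if (in_len - pos < 2 || size > in_len - pos - 2) return CHUNK_MALFORMED;
        memcpy(out + written, in + pos, size);
        written += size; pos += size;
        if (memcmp(in + pos, "\r\n", 2) != 0) return CHUNK_MALFORMED;
        pos += 2;
    }
    if (in_len - pos != 2 || memcmp(in + pos, "\r\n", 2) != 0) return CHUNK_MALFORMED;
    *out_len = written;
    return CHUNK_OK;
}

int main(void) {
    /* Constructed input: a chunk declaring 0x9 bytes for an 8-byte buffer. */
    const char req[] = "9\r\nAAAAAAAAA\r\n0\r\n\r\n";
    unsigned char buf[8]; size_t n = 0;
    printf("rc=%d\n", decode_chunked(req, sizeof req - 1, buf, sizeof buf, &n));
}
```

Without the `size > out_cap - written` test, the `memcpy` would write past the end of `out`, which is the heap-based overflow pattern the report describes.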
The RSA patch can be found here: