Worried customers contacted the company after reading about a flaw in RSA's ACE/Agent for Windows and ACE/Agent for Windows 2000.
RSA said the vulnerability was first found in July, adding that the problem has now been fixed. The company insisted that all its customers were notified in the correct manner. "We notify all our customers about any software problems at the same time," John Worral, RSA's director of strong authentication, told CW360.com.
Customers who contacted RSA after reading the article "must have missed these notifications", said Worral.
However, RSA could not give a reasonable explanation as to why the Computer Emergency Response Team (CERT), a US government-backed institute that monitors Net security, only sent out notification of the vulnerability this week.
The flaw in question allowed remote hackers to bypass the authentication mechanism provided by SecurID, and run programs and read files.
Worral assured CW360.com that he knew of no further problems within the RSA software. He said every effort was being taken to ensure the quality of RSA products, although, he admitted: "Bugs do slip through sometimes".