RSA Authentication Client 3.5 < 3.5.6 Local Authentication Bypass

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by an authentication bypass vulnerability.

Description :

RSA Authentication Client, an authentication client from RSA Security,
is installed on the remote Windows host. The installed version of RSA
Authentication Client 3.5 is earlier than 3.5.6 and is, therefore,
potentially affected by an authentication bypass vulnerability. Under
certain circumstances, a user who has access only to a desktop or server
may be able to connect using only Windows credentials.

See also :

http://www.securityfocus.com/archive/1/524219/30/0/threaded

Solution :

Upgrade to RSA Authentication Client 3.5.6 or later.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 62438

Bugtraq ID: 55662

CVE ID: CVE-2012-2287
