CVE-2002-0507
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
Una interacción entre Microsoft Outlook Web Access (OWA) con RSA SecurID permite a usuarios locales evitar la autenticación SecurID para un usuario anterior mediante varios envios de una petición de autenticación OWA con la contraseña adecuada del usuario anterior, que es acaba siendo aceptada por OWA.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-06-07 CVE Reserved
- 2002-06-11 CVE Published
- 2024-05-11 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://online.securityfocus.com/archive/1/264705 | 2020-04-02 | |
| http://www.iss.net/security_center/static/8681.php | 2020-04-02 | |
| http://www.securityfocus.com/bid/4390 | 2020-04-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 5.5 Search vendor "Microsoft" for product "Exchange Server" and version "5.5" | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 2000 Search vendor "Microsoft" for product "Exchange Server" and version "2000" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 2000 Search vendor "Microsoft" for product "Exchange Server" and version "2000" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Exchange Server Search vendor "Microsoft" for product "Exchange Server" | 2000 Search vendor "Microsoft" for product "Exchange Server" and version "2000" | sp2 |
Affected
| ||||||
| Rsa Search vendor "Rsa" | Securid Search vendor "Rsa" for product "Securid" | 5.0 Search vendor "Rsa" for product "Securid" and version "5.0" | - |
Affected
| ||||||