CVE-2006-7199
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."
EMC RSA Security SiteKey permite a atacantes remotos mostrar la imagen correcta mediante un ataque de hombre-en-medio (MITM) en el cual un servidor controlado por el atacante hace de proxy para los datos de autenticación desde y hacia un servidor SiteKey legítimo. NOTA: el fabricante niega la severidad de este problema, afirmando que es más fácil monitorizar este ataque que "ataques contra páginas web estáticas".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-04-30 CVE Reserved
- 2007-04-30 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.cr-labs.com/publications/SiteKey-20060718.pdf | X_refsource_misc | |
| http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf | X_refsource_misc | |
| http://www.networkworld.com/newsletters/sec/2007/0402sec2.html | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Rsa Security Sitekey Search vendor "Emc" for product "Rsa Security Sitekey" | * | - |
Affected
| ||||||