CVE-2012-2287

RSA Authentication Agent 7.1 / Client 3.5 Access Control

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.

La funcionalidad de autenticación en EMC RSA Authentication Client v7.1 y RSA Authentication v3.5 en Windows XP y Windows Server 2003, con una configuración no especificada, permite a usuarios remotos autenticados eludir el token de autenticación, y establecer una sesión de conexión a un host remoto, aprovechándose de las credenciales de Windows para ese host.

Under some configuration conditions, a user of RSA Authentication Agent 7.1 for Windows or RSA Authentication Client who has privilege to access a desktop or a server is incorrectly able to do so with only Windows credentials.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-04-19 CVE Reserved
2012-09-24 CVE Published
2024-08-06 CVE Updated
2025-06-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/55662	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/78802	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html	2019-02-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Emc Search vendor "Emc"	Rsa Authentication Agent Search vendor "Emc" for product "Rsa Authentication Agent"	7.1 Search vendor "Emc" for product "Rsa Authentication Agent" and version "7.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	-	Safe
Emc Search vendor "Emc"	Rsa Authentication Agent Search vendor "Emc" for product "Rsa Authentication Agent"	7.1 Search vendor "Emc" for product "Rsa Authentication Agent" and version "7.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	-	Safe
Emc Search vendor "Emc"	Rsa Authentication Client Search vendor "Emc" for product "Rsa Authentication Client"	3.5 Search vendor "Emc" for product "Rsa Authentication Client" and version "3.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	-	Safe
Emc Search vendor "Emc"	Rsa Authentication Client Search vendor "Emc" for product "Rsa Authentication Client"	3.5 Search vendor "Emc" for product "Rsa Authentication Client" and version "3.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	-	Safe