CVE-2012-2287
RSA Authentication Agent 7.1 / Client 3.5 Access Control
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
La funcionalidad de autenticación en EMC RSA Authentication Client v7.1 y RSA Authentication v3.5 en Windows XP y Windows Server 2003, con una configuración no especificada, permite a usuarios remotos autenticados eludir el token de autenticación, y establecer una sesión de conexión a un host remoto, aprovechándose de las credenciales de Windows para ese host.
Under some configuration conditions, a user of RSA Authentication Agent 7.1 for Windows or RSA Authentication Client who has privilege to access a desktop or a server is incorrectly able to do so with only Windows credentials.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-04-19 CVE Reserved
- 2012-09-24 CVE Published
- 2024-08-06 CVE Updated
- 2025-06-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/55662 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78802 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html | 2019-02-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Emc Search vendor "Emc" | Rsa Authentication Agent Search vendor "Emc" for product "Rsa Authentication Agent" | 7.1 Search vendor "Emc" for product "Rsa Authentication Agent" and version "7.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Safe
|
Emc Search vendor "Emc" | Rsa Authentication Agent Search vendor "Emc" for product "Rsa Authentication Agent" | 7.1 Search vendor "Emc" for product "Rsa Authentication Agent" and version "7.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | - |
Safe
|
Emc Search vendor "Emc" | Rsa Authentication Client Search vendor "Emc" for product "Rsa Authentication Client" | 3.5 Search vendor "Emc" for product "Rsa Authentication Client" and version "3.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Safe
|
Emc Search vendor "Emc" | Rsa Authentication Client Search vendor "Emc" for product "Rsa Authentication Client" | 3.5 Search vendor "Emc" for product "Rsa Authentication Client" and version "3.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | - |
Safe
|