CVE-2013-3273

RSA Authentication Manager Information Disclosure

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.

EMC RSA Authentication Manager v8.0 anterior a P2 y v 7.1 anterior a SP4 P26, como es usado en Appliance v3.0, no omite la contraseña administrativa en texto claro desde el registro de seguimiento en aplicaciones SDK personalizadas, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero de registro.

If the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager with the trace logging is set to verbose, the administrative account password used by the custom application appears in the trace log file as clear text. Affected products include RSA Authentication Manager version 7.1 and 8.0.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-04-26 CVE Reserved
2013-07-06 CVE Published
2024-09-16 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors

CAPEC

References (1)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2013-07/0046.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Emc Search vendor "Emc"		Rsa Authentication Manager Search vendor "Emc" for product "Rsa Authentication Manager"				7.1 Search vendor "Emc" for product "Rsa Authentication Manager" and version "7.1"		-		Affected
Emc Search vendor "Emc"		Rsa Authentication Manager Search vendor "Emc" for product "Rsa Authentication Manager"				7.1 Search vendor "Emc" for product "Rsa Authentication Manager" and version "7.1"		sp2		Affected
Emc Search vendor "Emc"		Rsa Authentication Manager Search vendor "Emc" for product "Rsa Authentication Manager"				7.1 Search vendor "Emc" for product "Rsa Authentication Manager" and version "7.1"		sp3		Affected
Emc Search vendor "Emc"		Rsa Authentication Manager Search vendor "Emc" for product "Rsa Authentication Manager"				8.0 Search vendor "Emc" for product "Rsa Authentication Manager" and version "8.0"		p1		Affected
Rsa Search vendor "Rsa"		Authentication Manager Search vendor "Rsa" for product "Authentication Manager"				7.1 Search vendor "Rsa" for product "Authentication Manager" and version "7.1"		sp1		Affected
Rsa Search vendor "Rsa"		Authentication Manager Search vendor "Rsa" for product "Authentication Manager"				8.0 Search vendor "Rsa" for product "Authentication Manager" and version "8.0"		-		Affected