CVE-2014-4631
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
RSA Adaptive Authentication (On-Premise) 6.0.2.1 hasta 7.1 P3, cuando utiliza la vinculación de dispositivos en una llamada Challenge SOAP o utiliza adaptadores de la integración de autenticación adaptiva RSA con la funcionalidad Out-of-Band Phone (Authentify), realiza la vinculación de dispositivos permanente incluso cuando falla la autenticación, lo que permite a atacantes remotos evadir la autenticación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-06-24 CVE Reserved
- 2014-12-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/534136/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/71423 | Vdb Entry | |
| http://www.securitytracker.com/id/1031297 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99086 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 6.0.2.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "6.0.2.1" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 6.0.2.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "6.0.2.1" | sp1_patch2 |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 6.0.2.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "6.0.2.1" | sp1_patch3 |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 6.0.2.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "6.0.2.1" | sp2 |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 6.0.2.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "6.0.2.1" | sp2_patch1 |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 6.0.2.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "6.0.2.1" | sp3 |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 6.0.2.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "6.0.2.1" | sp3_p3 |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 7.0 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "7.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 7.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "7.1" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Adaptive Authentication On-premise Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" | 7.1 Search vendor "Emc" for product "Rsa Adaptive Authentication On-premise" and version "7.1" | p2 |
Affected
| ||||||