CVE-2013-0931 - EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock tim

CVE-2013-0931

Summary

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration. Per http://archives.neohapsis.com/archives/bugtraq/2013-03/att-0001/ESA-2013-012.txt "Affected Products: Product: RSA Authentication Agent for Microsoft Windows version 7.1 and 7.1.1 Platforms: Windows XP and Windows 2003"

References

http://archives.neohapsis.com/archives/bugtraq/2013-03/0001.html

Vulnerable Configurations

cpe:2.3:a:rsa:authentication_agent_for_windows:7.1:*:*:*:*:*:*:*
cpe:2.3:a:rsa:authentication_agent_for_windows:7.1:*:*:*:*:*:*:*
cpe:2.3:a:rsa:authentication_agent_for_windows:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rsa:authentication_agent_for_windows:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

CVSS

Base:	5.4 (as of 06-03-2013 - 05:00)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:A/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bugtraq

20130228 ESA-2013-012: RSA Authentication Agent 7.1.1 for Microsoft Windows Access Control Vulnerability

Last major update

06-03-2013 - 05:00

Published

05-03-2013 - 22:03

Last modified

06-03-2013 - 05:00