Vulnerability Details CVE-2014-4631
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/archive/1/534136/100/0/threaded
- http://www.securityfocus.com/bid/71423
- http://www.securitytracker.com/id/1031297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99086
- http://www.securityfocus.com/archive/1/534136/100/0/threaded
- http://www.securityfocus.com/bid/71423
- http://www.securitytracker.com/id/1031297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99086
Products affected by CVE-2014-4631
-
cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1
-
cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.0
-
cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1