CVE-2013-0941
Summary
| CVE | CVE-2013-0941 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-05-22 13:29:00 UTC |
| Updated | 2013-05-23 04:00:00 UTC |
| Description | EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. |
Risk And Classification
Problem Types: CWE-310
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Http Server | All | All | All | All |
| Application | Apache | Http Server | All | All | All | All |
| Application | Microsoft | Internet Information Server | All | All | All | All |
| Application | Microsoft | Internet Information Server | All | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
| Application | Rsa | Authentication Agent | All | All | All | All |
| Application | Rsa | Authentication Api | All | All | All | All |
| Application | Rsa | Pluggable Authentication Module Agent | All | All | All | All |
| Application | Rsa | Securid Web Agent | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 20130516 ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability | BUGTRAQ | archives.neohapsis.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.