CVE-2012-2287

Published: Sep 25, 2012Modified: Apr 29, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.

Affected (2)

Products: Emc: Rsa Authentication Agent, Rsa Authentication Client

2 products

Rsa Authentication Agent

Rsa Authentication Client

Configuration A

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Emc Rsa Authentication Agent	Version 7.1
Emc Rsa Authentication Client	Version 3.5

Running on/with	Platform Versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html

Source: security_alert@emc.com

Vendor Advisory

http://www.securityfocus.com/bid/55662

Source: security_alert@emc.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/78802

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/55662

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/78802

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.