CVE-2014-0643

Published: May 16, 2014Modified: May 6, 2026

7.6

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 4.9 / Impact: 10.0

Source: NVD

Description

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Affected (3)

Products: Emc: Rsa Netwitness, Rsa Security Analytics

2 products

Rsa Security Analytics

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Emc Rsa Netwitness	Before 9.8.5.19
Emc Rsa Security Analytics	From 10.2 to 10.2.4
Emc Rsa Security Analytics	From 10.3 to 10.3.2

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html

Source: security_alert@emc.com

Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.