← Back

CVE-2014-4631

nvd nist
Published: Dec 8, 2014Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.

Affected (10)

Emc
1 product
Rsa Adaptive Authentication On Premise
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Emc
Rsa Adaptive Authentication On Premise
Version 6.0.2.1
Rsa Adaptive Authentication On Premise
Version 6.0.2.1 sp1_patch2
Rsa Adaptive Authentication On Premise
Version 6.0.2.1 sp1_patch3
Rsa Adaptive Authentication On Premise
Version 6.0.2.1 sp2
Rsa Adaptive Authentication On Premise
Version 6.0.2.1 sp2_patch1
Rsa Adaptive Authentication On Premise
Version 6.0.2.1 sp3
Rsa Adaptive Authentication On Premise
Version 6.0.2.1 sp3_p3
Rsa Adaptive Authentication On Premise
Version 7.0
Rsa Adaptive Authentication On Premise
Version 7.1
Rsa Adaptive Authentication On Premise
Version 7.1 p2

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

Source: security_alert@emc.com
Source: security_alert@emc.com
Source: security_alert@emc.com
Source: security_alert@emc.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.