CVE-2013-0941

EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:rsa:authentication_api:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:rsa:pluggable_authentication_module_agent:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:a:rsa:authentication_agent:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-05-22 13:29

Updated : 2024-02-28 12:00

NVD link : CVE-2013-0941

Mitre link : CVE-2013-0941

CVE.ORG link : CVE-2013-0941

JSON object : View

Products Affected

rsa

authentication_api
securid_web_agent
pluggable_authentication_module_agent
authentication_agent

microsoft

internet_information_server
windows

apache

http_server

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2013-0941", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-05-22T13:29:45.513", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html", "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data."}, {"lang": "es", "value": "La API de autenticaci\u00f3n de EMC RSA anterior a v8.1 SP1, RSA Web Agent anterior a v5.3.5 para Apache Web Server, RSA Web Agent anterior a v5.3.5 para IIS, RSA PAM Agent anterior a v7.0, y RSA Agent anterior a v6.1.4 para Microsoft Windows utiliza un algoritmo de cifrado inadecuado y una clave d\u00e9bil para el mantenimiento de los datos almacenados en el nodo secreto para la API de autenticaci\u00f3n SecurID, permitiendo a usuarios locales obtener informaci\u00f3n sensible mediante ataques criptogr\u00e1ficos de estos datos."}], "lastModified": "2013-05-23T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:authentication_api:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "106A85E9-6CC3-4FEF-B4DC-E2324FCA2EC4", "versionEndIncluding": "8.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "085DCA9D-174A-4B6E-984B-E870E6B466FC", "versionEndIncluding": "5.3.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A6CD1F4-4C0E-4989-A2B3-DC086E8E80A3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "085DCA9D-174A-4B6E-984B-E870E6B466FC", "versionEndIncluding": "5.3.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE9D333C-76E2-4BD9-B98B-5CB96363AB89"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:pluggable_authentication_module_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "923ED08F-368E-46EC-AAF4-6B1B924B4280", "versionEndIncluding": "6.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:authentication_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "653BDB04-670F-4E57-A3AA-AE56162F28DB", "versionEndIncluding": "6.1.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "Per: http://archives.neohapsis.com/archives/bugtraq/2013-05/att-0064/ESA-2013-029.txt\r\n\r\n\"RSA SecurID Sensitive Information Disclosure Vulnerability\"", "sourceIdentifier": "security_alert@emc.com"}