CVE-2013-3271

EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-08/0123.html
http://archives.neohapsis.com/archives/bugtraq/2013-08/0123.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:rsa_authentication_agent:7.0.0:::::::*
	cpe:2.3:a:emc:rsa_authentication_agent:7.0.1:::::::*
	cpe:2.3:a:emc:rsa_authentication_agent:7.0.2:::::::*

History

21 Nov 2024, 01:53

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2013-08/0123.html -~~	() http://archives.neohapsis.com/archives/bugtraq/2013-08/0123.html -

Information

Published : 2013-08-28 13:13

Updated : 2024-11-21 01:53

NVD link : CVE-2013-3271

Mitre link : CVE-2013-3271

CVE.ORG link : CVE-2013-3271

JSON object : View

Products Affected

emc

rsa_authentication_agent

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2013-3271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-28T13:13:58.180", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0123.html", "source": "security_alert@emc.com"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0123.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack."}, {"lang": "es", "value": "EMC RSA Authentication Agent para PAM v7.0 anterior a v7.0.2.1 hace cumplir el n\u00famero m\u00e1ximo de intentos de conexi\u00f3n del c\u00f3digo base cuando PAM est\u00e1 habilitado, en lugar de en el c\u00f3digo base del Agente, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos descubrir credenciales correctas a trav\u00e9s de un ataque de fuerza bruta."}], "lastModified": "2024-11-21T01:53:18.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_authentication_agent:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "894453F7-9D59-498F-89A4-60EA9EBEC0A0"}, {"criteria": "cpe:2.3:a:emc:rsa_authentication_agent:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28B25179-F782-4E6A-BF34-6FAD84B68BA1"}, {"criteria": "cpe:2.3:a:emc:rsa_authentication_agent:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2798B404-E71D-4943-B37B-2A2207CDAE87"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}