Vulnerability Details : CVE-2014-4631
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2014-4631
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:p2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4631
EPSS score: 0.46% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~72% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-4631
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-4631
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4631
- http://www.securitytracker.com/id/1031297
  RSA Adaptive Authentication Challenge SOAP Call Device Binding Flaw Lets Remote Users Bypass Authentication - SecurityTracker
- http://www.securityfocus.com/archive/1/534136/100/0/threaded
  SecurityFocus
- http://www.securityfocus.com/bid/71423
  RSA Adaptive Authentication (On-Premise) CVE-2014-4631 Authentication Bypass Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99086
  RSA Adaptive Authentication security bypass CVE-2014-4631 Vulnerability Report