Open Redirect Vulnerability in RSA Authentication Agent for Web IIS
CVE-2008-2027

Currently unrated

Key Information:

Vendor: Rsa
Status: Authentication Agent
Vendor: CVE Published:; 30 April 2008

What is CVE-2008-2027?

An open redirect vulnerability is present in the WebID/IISWebAgentIF.dll component of the RSA Authentication Agent 5.3.0.258. This issue occurs when the application is accessed through certain web browsers, specifically allowing attackers to craft malicious URLs. By exploiting this vulnerability, attackers can redirect users to arbitrary external sites, potentially leading to phishing attacks where users unknowingly provide sensitive information. Proper validation of URL parameters is necessary to mitigate this risk and secure user interactions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/42184

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/28907

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/3850

third-party-advisoryx_refsource_SREASON

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2008
Vulnerability Reserved
Apr 30, 2008

Rsa

What is CVE-2008-2027?

References

Timeline