Authentication Bypass in RSA SecurID Web Agent Affects EMC
CVE-2015-6851

6.7 MEDIUM

Key Information:

Vendor: RSA
CVE Published: 23 December 2015

What is CVE-2015-6851?

RSA SecurID Web Agent prior to version 8.0 is susceptible to an authentication bypass vulnerability that enables attackers with physical proximity to exploit unattended workstations. By utilizing tools like DOM Inspector, malicious users can circumvent privacy-screen protections, potentially gaining unauthorized access to sensitive information or systems. This vulnerability underscores the importance of securing workstations from physical access to prevent unauthorized actions.

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
