RSA products found to have security flaws

News by Rene Millman

RSA has disclosed a number of vulnerabilities affecting its RSA Archer and RSA Authentication Manager products. The flaws could enable an attacker to obtain passwords to use in further attacks.

RSA has disclosed a number of vulnerabilities affecting its RSA Archer and RSA Authentication Manager products. The flaws could enable an attacker to obtain passwords to use in further attacks.

According to postings on Seclists.org, RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files.

"An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks," according to one posting.

There is a second flaw in RSA Archer versions, prior to 6.5 SP2. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

Both vulnerabilities have been given CVSSv3 scores of 7.8.

RSA said that it has fixes for the multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. It recommended that all customers upgrade at the earliest opportunity.

In a second posting, RSA’s Authentication Manager contains a vulnerability associated with insecure credential management.

In versions prior to 8.4 P1, it contains an Insecure Credential Management Vulnerability.

"A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks," RSA said in a statement. The flaw has been given a CVSSv3 Base Score of 5.8.

The company said that organisations should upgrade at the earliest opportunity to RSA Authentication Manager version 8.4 P1 and later.

Marina Kidron, director of threat intelligence at Skybox Lab, Skybox Security, told SC Media UK that initially, organisations need to do an in-depth visibility check that includes up-to-date scans and scan less solutions, and evaluate if they have these products in their network.

"Then apply the patch that’s recommended by the vendor or, if available, apply a network IPS signature. Additionally, you could use multi-factor authentication or and limit users by implementing a Policy of Least Privilege. Both of these approaches would work well here because these vulnerabilities require an authenticated attacker," she said.

"Known vulnerabilities are responsible for 97 percent of breaches and are far more dangerous and far more common than 0-days. The pressure of being in a SIEM arms race can be significantly eased by keeping track of relevant disclosures and patching quickly. Prioritise the patching of security products above that of the hardware and software that sits downstream from them. Vulnerabilities affecting security products are not a new thing, and should be identified, understood and mitigated with respect to the SLA," she added.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Webcasts and interviews 

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop