RSA products found to have security flaws
RSA has disclosed a number of vulnerabilities affecting its RSA Archer and RSA Authentication Manager products. The flaws could enable an attacker to obtain passwords to use in further attacks.
According to postings on Seclists.org, RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files.
"An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks," according to one posting.
There is a second flaw in RSA Archer versions, prior to 6.5 SP2. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.
Both vulnerabilities have been given CVSSv3 scores of 7.8.
RSA said that it has fixes for the multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. It recommended that all customers upgrade at the earliest opportunity.
In a second posting, RSA’s Authentication Manager contains a vulnerability associated with insecure credential management.
In versions prior to 8.4 P1, it contains an Insecure Credential Management Vulnerability.
"A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks," RSA said in a statement. The flaw has been given a CVSSv3 Base Score of 5.8.
The company said that organisations should upgrade at the earliest opportunity to RSA Authentication Manager version 8.4 P1 and later.
Marina Kidron, director of threat intelligence at Skybox Lab, Skybox Security, told SC Media UK that initially, organisations need to do an in-depth visibility check that includes up-to-date scans and scan less solutions, and evaluate if they have these products in their network.
"Then apply the patch that’s recommended by the vendor or, if available, apply a network IPS signature. Additionally, you could use multi-factor authentication or and limit users by implementing a Policy of Least Privilege. Both of these approaches would work well here because these vulnerabilities require an authenticated attacker," she said.
"Known vulnerabilities are responsible for 97 percent of breaches and are far more dangerous and far more common than 0-days. The pressure of being in a SIEM arms race can be significantly eased by keeping track of relevant disclosures and patching quickly. Prioritise the patching of security products above that of the hardware and software that sits downstream from them. Vulnerabilities affecting security products are not a new thing, and should be identified, understood and mitigated with respect to the SLA," she added.
source scmagazineuk
Industry: Cyber Security News
Latest Jobs
-
- PCI QSA needed. Discreet Opportunity | London | Client facing
- London
- N/A
-
CH08421 PCI QSA needed. Discreet Opportunity | London | Client facing. Payment Card Industry - Qualified Security Assessor - London Seeking someone looking to accelerate their career, into a variety of interesting clients / projects. Must be happy to be onsite with clients- this is not a fully remote role. You must currently hold a valid CISSP or CISM or ISO27001 lead implementer certification AND one of the following; CISA, GSNA, iso27001 lead Auditor, CIA or IRCA ISMS auditor+ Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Security Operations / information Security Analyst / Engineer. London
- London
- N/A
-
Security Operations / information Security Analyst / Engineer needed for a London opportunity. A technical hands on role to investigate, escalate and proactively work to protect a globally recognised brand. Someone with SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Security Cleared Penetration Tester: United Kindom
- N/A
- N/A
-
Security Cleared Penetration Tester Deliver technical Penetration tests to the NCSC CHECK standard. Active CHECK Member or Leader status desirable either in Web Application or Infrastructure. Reach out to find out more. Whatsapp directly here https://wa.me/message/6USF5RAQBOZIP1 Or apply today