RSA products found to have security flaws
RSA has disclosed a number of vulnerabilities affecting its RSA Archer and RSA Authentication Manager products. The flaws could enable an attacker to obtain passwords to use in further attacks.
According to postings on Seclists.org, RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files.
"An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks," according to one posting.
There is a second flaw in RSA Archer versions, prior to 6.5 SP2. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.
Both vulnerabilities have been given CVSSv3 scores of 7.8.
RSA said that it has fixes for the multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. It recommended that all customers upgrade at the earliest opportunity.
In a second posting, RSA’s Authentication Manager contains a vulnerability associated with insecure credential management.
In versions prior to 8.4 P1, it contains an Insecure Credential Management Vulnerability.
"A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks," RSA said in a statement. The flaw has been given a CVSSv3 Base Score of 5.8.
The company said that organisations should upgrade at the earliest opportunity to RSA Authentication Manager version 8.4 P1 and later.
Marina Kidron, director of threat intelligence at Skybox Lab, Skybox Security, told SC Media UK that initially, organisations need to do an in-depth visibility check that includes up-to-date scans and scan less solutions, and evaluate if they have these products in their network.
"Then apply the patch that’s recommended by the vendor or, if available, apply a network IPS signature. Additionally, you could use multi-factor authentication or and limit users by implementing a Policy of Least Privilege. Both of these approaches would work well here because these vulnerabilities require an authenticated attacker," she said.
"Known vulnerabilities are responsible for 97 percent of breaches and are far more dangerous and far more common than 0-days. The pressure of being in a SIEM arms race can be significantly eased by keeping track of relevant disclosures and patching quickly. Prioritise the patching of security products above that of the hardware and software that sits downstream from them. Vulnerabilities affecting security products are not a new thing, and should be identified, understood and mitigated with respect to the SLA," she added.
source scmagazineuk
Industry: Cyber Security News
Latest Jobs
-
- SOC Manager. SC Clearance. Immediate opportunity.
- Unknown
- N/A
-
Permanent SOC Manager. SC cleared / clearable, London / Birmingham. SOC Manager needed to replace a SOC contractor I placed into a client who is due to complete their assignment at the end of March. The ability to achieve SC clearance is essential. Looking for someone that is a blend of strategic stakeholder engagement with strong technical skills. The role will sit in a relatively new SOC environment. The position is to setup, implementation and management of resources to help with the initial and on-going stages of a new SOC. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-manager-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
-
- Security engineer. Financial Services. UK. Permanent
- Unknown
- N/A
-
CH7863 Security engineer. End User . Financial Services Security Engineer needed to monitor and manage a security suite of tools within an End User environment. The Security Engiener will be responsible monitoring, configuring, fine tuning, incident management and generally improving the security tool capability. Specific experience with CyberArk, Tripwire Log Center and Tripwire Enterprise is highly desirable). Current experience with Vulnerability management and penetration testing is highly desirable. Specifically the ability to effectively manage 3rd party pen tests. You will be working within a specialist security team reporting to the CISO. Experience working within an end user environment within financial services is highly desirable. Flexible location. This is an exclusive role to DCL Search & Selection. To book a call please use my Calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-role-
-
- DevSecOps - Security design / review consultant. SC Clearance. London
- London
- N/A
-
CH7858 London £70,000 DevSecOps - Security design / review consultant. DevSecOps - Security design / review consultant will ensure that newly created, public facing apps are secure by design and by default by aligning them to current / best practice security policies and standards into the design phases. The individual must have a technical software / application development background with specalist experinece in secure architecture design. (Frameworks, processes, best practice etc) Practical experience translating and ensuring that the OWASP top 10, ISO27001, HMG frameworks requirements are reviewed and embedded into project designs which are implemented is essential. Experience working projects through a full development lifecycle is key. You will work along side the design and project teams to idenitfy and mitigate risks throughout the design phases. This is a permanent role. SC clearance is essential as is the ability to get to the London office. (When appropiate #covid) Security DevSecOps consultant. To arrange a discreet call book via https://calendly.com/chris-holt/devsecopp--security-design-review-consultant
-
- CONTRACTOR Cyber Vulnerability Analyst, NESSUS, Rapid 7, SC clearance required.
- London
- N/A
-
Cyber Vulnerability analyst NESSUS, Rapid 7, needed for IMMEDIATE 3 month contract MUST have / be able to achieve UK SC clearance role to work within a live environment within a public sector department. The individual must have experience in using various security methods and tools such as Rapid7 and NESSUS scan for / identify vulnerabilities, prioritise them according to risk and raise appropriate tickets for remediation / follow up. In depth experience utilising Nessus highly beneficial. Current cyber public sector experience highly desirable.