Описание
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
Ссылки
- Third Party AdvisoryVDB EntryVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB EntryVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB EntryVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:h:rsa:securid:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00987
Низкий
2.1 Low
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
EPSS
Процентиль: 76%
0.00987
Низкий
2.1 Low
CVSS2
Дефекты
CWE-287