CVE-2013-0941

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

E

MC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html
http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:rsa:authentication_api:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:rsa:pluggable_authentication_module_agent:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:a:rsa:authentication_agent:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:48

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html -~~	() http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html -

Information

Published : 2013-05-22 13:29

Updated : 2025-04-11 00:51

NVD link : CVE-2013-0941

Mitre link : CVE-2013-0941

CVE.ORG link : CVE-2013-0941

JSON object : View

Products Affected

http_server

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2013-0941", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-05-22T13:29:45.513", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html", "source": "[email protected]"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0064.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data."}, {"lang": "es", "value": "La API de autenticaci\u00f3n de EMC RSA anterior a v8.1 SP1, RSA Web Agent anterior a v5.3.5 para Apache Web Server, RSA Web Agent anterior a v5.3.5 para IIS, RSA PAM Agent anterior a v7.0, y RSA Agent anterior a v6.1.4 para Microsoft Windows utiliza un algoritmo de cifrado inadecuado y una clave d\u00e9bil para el mantenimiento de los datos almacenados en el nodo secreto para la API de autenticaci\u00f3n SecurID, permitiendo a usuarios locales obtener informaci\u00f3n sensible mediante ataques criptogr\u00e1ficos de estos datos."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:authentication_api:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "106A85E9-6CC3-4FEF-B4DC-E2324FCA2EC4", "versionEndIncluding": "8.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "085DCA9D-174A-4B6E-984B-E870E6B466FC", "versionEndIncluding": "5.3.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A6CD1F4-4C0E-4989-A2B3-DC086E8E80A3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "085DCA9D-174A-4B6E-984B-E870E6B466FC", "versionEndIncluding": "5.3.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE9D333C-76E2-4BD9-B98B-5CB96363AB89"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:pluggable_authentication_module_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "923ED08F-368E-46EC-AAF4-6B1B924B4280", "versionEndIncluding": "6.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:authentication_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "653BDB04-670F-4E57-A3AA-AE56162F28DB", "versionEndIncluding": "6.1.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "Per: http://archives.neohapsis.com/archives/bugtraq/2013-05/att-0064/ESA-2013-029.txt\r\n\r\n\"RSA SecurID Sensitive Information Disclosure Vulnerability\"", "sourceIdentifier": "[email protected]"}