CVE Vulnerabilities

CVE-2002-0507

Improper Authentication

Published: Aug 12, 2002 | Modified: Apr 02, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Exchange_server Microsoft 5.5 5.5
Exchange_server Microsoft 5.5 5.5
Exchange_server Microsoft 5.5 5.5
Exchange_server Microsoft 5.5 5.5
Exchange_server Microsoft 5.5 5.5
Exchange_server Microsoft 2000 2000
Exchange_server Microsoft 2000 2000
Exchange_server Microsoft 2000 2000

Potential Mitigations

References