CVE Vulnerabilities

CVE-2014-0643

Improper Authentication

Published: May 16, 2014 | Modified: Dec 12, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.6 HIGH (AV:N/AC:H/Au:N/C:C/I:C/A:C)

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name | Vendor | Start Version | End Version
Rsa_netwitness | Emc | * | *
Rsa_security_analytics | Emc | 10.2 | *
Rsa_security_analytics | Emc | 10.3 | *

Potential Mitigations

References