Denial of service in RSA Authentication Manager - CVE-2017-8006

Published: July 13, 2017
Vulnerability identifier: #VU7497
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8006
CWE-ID: CWE-799
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: RSA
Affected software:
RSA Authentication Manager

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper control of interaction frequency. A remote attacker with knowledge of the target user's Self-Service Console credentials can connect to the Self-Service Console and conduct a brute-force PIN guessing attack to determine the target user's PIN and reset the PIN, causing the system to crash.

Successful exploitation of the vulnerability results in denial of service.
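CWE-799 means the console did not bound how often a remote party could try PINs. As an added illustration (not RSA's code; the class names, limits and the sample user and PIN are assumptions), the verifier below shows the defect beside its fix: with attempt limiting disabled every wrong guess is free, while with it enabled the account locks after MAX_FAILURES wrong guesses and even the correct PIN, and the PIN reset that depends on it, is refused until the lock expires.

```python
import hmac
import time
from dataclasses import dataclass
from typing import Callable, Dict

# Constructed illustration of CWE-799 (improper control of interaction
# frequency); names, limits and sample data are assumptions, not RSA's code.

MAX_FAILURES = 5        # wrong guesses tolerated before the account locks
LOCKOUT_SECONDS = 900   # lock duration; an admin unlock path is also common


@dataclass
class _UserState:
    pin: str
    failures: int = 0
    locked_until: float = 0.0


class PinVerifier:
    """Checks a user's PIN, optionally enforcing a failure limit plus lockout."""

    def __init__(self, pins: Dict[str, str], limit_attempts: bool = True,
                 clock: Callable[[], float] = time.time) -> None:
        self._users = {u: _UserState(pin=p) for u, p in pins.items()}
        self._limit = limit_attempts   # False reproduces the weakness
        self._clock = clock            # injectable for deterministic tests

    def verify(self, user: str, pin: str) -> str:
        """Return 'ok', 'wrong_pin', 'locked' or 'no_user'."""
        state = self._users.get(user)
        if state is None:
            return "no_user"
        now = self._clock()
        if self._limit and now < state.locked_until:
            return "locked"            # refuse even a correct PIN while locked
        if hmac.compare_digest(pin.encode(), state.pin.encode()):
            state.failures = 0
            return "ok"
        state.failures += 1
        if self._limit and state.failures >= MAX_FAILURES:
            state.locked_until = now + LOCKOUT_SECONDS
            state.failures = 0
        return "wrong_pin"

    def reset_pin(self, user: str, current_pin: str, new_pin: str) -> str:
        """Self-service reset only proceeds when verify() returns 'ok'."""
        result = self.verify(user, current_pin)
        if result == "ok":
            self._users[user].pin = new_pin
        return result
```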

How to mitigate CVE-2017-8006

Update to version 8.2 SP1 Patch 2.

Sources