[SingCERT] RSA Access Manager Session Replay Flaw Lets Remote Users Access the System
- Published on Thursday, 05 July 2012 00:00
[ Summary ]
RSA has released fixes for RSA Access Manager. Vulnerability was reported in RSA Access Manager whereby a remote user can gain access to the target system by exploiting a flaw in the logout process and replay session credentials.
[ Affected Products ]
RSA Access Manager Server version 6.0.x, 6.1, 6.1 SP1, 6.1 SP2, 6.1 SP3; all Agent versions
[ Impact Analysis ]
A remote user can access the target system by exploiting a flaw in the logout process and replay session credentials to gain access to the target system.
[ Solution/Workaround ]
Updates are available. Please refer to RSA.
[ Reference ]