Vigil@nce - RSA Authentication Agent for PAM: Brute Force
September 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a Brute Force attack against RSA
Authentication Agent for PAM, in order to guess users’ passwords.
Impacted products: RSA Authentication Agent
Severity: 2/4
Creation date: 20/08/2013
DESCRIPTION OF THE VULNERABILITY
The RSA Authentication Agent for PAM product manages the
authentication using the PAM (Pluggable Authentication Module)
system.
However, it does not limit the number of authentication attempts.
An attacker can therefore use a Brute Force attack against RSA
Authentication Agent for PAM, in order to guess users’ passwords.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/RSA-Authentication-Agent-for-PAM-Brute-Force-13298