Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RSA Authentication Client PKCS#11 API请求权限许可和访问控制漏洞
Vulnerability Description
RSA Authentication Client 2.0.x, 3.0以及3.5.3之前的3.5.x版本不能正确处理存储于SecurID 800认证中密钥对象中的SENSITIVE或者NON-EXTRACTABLE标签。本地用户可以借助未明的PKCS#11 API请求绕过访问限制并读取密钥内容。
CVSS Information
N/A
Vulnerability Type
N/A