N/A

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

N/A

N/A

Dell EMC RSA Authentication Agent for Web for IIS 信息泄露漏洞

Dell EMC RSA Authentication Agent for Web for IIS是美国戴尔（Dell）公司的一套用于IIS服务器的远程访问请求验证软件。该软件用于拦截远程访问和本地用户或用户组的请求，将其引导至RSA认证管理服务器进行身份验证。 Dell EMC RSA Authentication Agent for Web for IIS 8.0.1及之前版本中存在信息泄露漏洞，该漏洞源于程序没有限制未授权用户的访问。本地攻击者可利用该漏洞读取配置属性。

N/A

N/A