RSA SecurID vulnerability

Rapid7 reports that the secure redirect function of the RSA ACE/Agents protecting IIS, Apache, and SunONE Web servers contains a cross-site scripting vulnerability. "An attacker could potentially use this to fool unsuspecting users into entering their passphrase information, which could then be replayed by the attacker to the protected server to gain access."

A fix can be found at http://www.rapid7.com/advisories/R7-0014.html

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Apache

Show Comments