RSA SecurID vulnerability

Rapid7 reports that the secure redirect function of the RSA ACE/Agents protecting IIS, Apache, and SunONE Web servers contains a cross-site scripting vulnerability. "An attacker could potentially use this to fool unsuspecting users into entering their passphrase information, which could then be replayed by the attacker to the protected server to gain access."

A fix can be found at http://www.rapid7.com/advisories/R7-0014.html

Join the newsletter!

Or
Error: Please check your email address.

More about Apache

Show Comments