Lucene search

MitreCVE-2002-0507

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0507

2002-08-1204:00:00

CWE-287

mitre

web.nvd.nist.gov

microsoft

owa

rsa securid

authentication bypass

vulnerability

cve-2002-0507

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.043

Percentile

92.3%

JSON

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

Affected configurations

Nvd

Node

microsoftexchange_serverMatch5.5-

microsoftexchange_serverMatch5.5sp1

microsoftexchange_serverMatch5.5sp2

microsoftexchange_serverMatch5.5sp3

microsoftexchange_serverMatch5.5sp4

microsoftexchange_serverMatch2000-

microsoftexchange_serverMatch2000sp1

microsoftexchange_serverMatch2000sp2

Node

rsasecuridMatch5.0

VendorProductVersionCPE
microsoftexchange_server5.5cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
microsoftexchange_server5.5cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
microsoftexchange_server5.5cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
microsoftexchange_server5.5cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
microsoftexchange_server5.5cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
microsoftexchange_server2000cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
microsoftexchange_server2000cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*
microsoftexchange_server2000cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*
rsasecurid5.0cpe:2.3:h:rsa:securid:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	exchange_server	5.5	cpe:2.3:a:microsoft:exchange_server:5.5:-::::::
microsoft	exchange_server	5.5	cpe:2.3:a:microsoft:exchange_server:5.5:sp1::::::
microsoft	exchange_server	5.5	cpe:2.3:a:microsoft:exchange_server:5.5:sp2::::::
microsoft	exchange_server	5.5	cpe:2.3:a:microsoft:exchange_server:5.5:sp3::::::
microsoft	exchange_server	5.5	cpe:2.3:a:microsoft:exchange_server:5.5:sp4::::::
microsoft	exchange_server	2000	cpe:2.3:a:microsoft:exchange_server:2000:-::::::
microsoft	exchange_server	2000	cpe:2.3:a:microsoft:exchange_server:2000:sp1::::::
microsoft	exchange_server	2000	cpe:2.3:a:microsoft:exchange_server:2000:sp2::::::
rsa	securid	5.0	cpe:2.3:h:rsa:securid:5.0:::::::*

References

online.securityfocus.com/archive/1/264705

www.iss.net/security_center/static/8681.php

www.securityfocus.com/bid/4390

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.043

Percentile

92.3%

JSON

Related for CVE-2002-0507