CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
92.3%
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | exchange_server | 5.5 | cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:* |
microsoft | exchange_server | 5.5 | cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:* |
microsoft | exchange_server | 5.5 | cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:* |
microsoft | exchange_server | 5.5 | cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:* |
microsoft | exchange_server | 5.5 | cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:* |
microsoft | exchange_server | 2000 | cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:* |
microsoft | exchange_server | 2000 | cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:* |
microsoft | exchange_server | 2000 | cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:* |
rsa | securid | 5.0 | cpe:2.3:h:rsa:securid:5.0:*:*:*:*:*:*:* |