CVE-2001-1105

2002-03-1505:00:00

mitre

www.cve.org

AI Score

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

References

www.ciac.org/ciac/bulletins/l-141.shtml

www.cisco.com/warp/public/707/SSL-J-pub.html

www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html

www.securityfocus.com/bid/3329

exchange.xforce.ibmcloud.com/vulnerabilities/7112