| Vulnerability Name: | CVE-2002-0507 (CCN-8681) | ||||||||
| Assigned: | 2002-03-28 | ||||||||
| Published: | 2002-03-28 | ||||||||
| Updated: | 2020-04-02 | ||||||||
| Summary: | An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-287 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Mar 28 2002 - 03:58:58 CST Authentication with RSA SecurID and Outlook web access Source: MITRE Type: CNA CVE-2002-0507 Source: BUGTRAQ Type: Third Party Advisory, VDB Entry, Vendor Advisory 20020328 Authentication with RSA SecurID and Outlook web access Source: XF Type: Vendor Advisory exchange-owa-securid-bypass(8681) Source: CCN Type: OSVDB ID: 4932 Microsoft Outlook Web Access SecurID Authentication Bypass Source: BID Type: Third Party Advisory, VDB Entry, Vendor Advisory 4390 Source: CCN Type: BID-4390 Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability Source: XF Type: UNKNOWN exchange-owa-securid-bypass(8681) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||