Authentication Bypass in EMC RSA NetWitness and RSA Security Analytics
CVE-2014-0643 · HIGH Severity
AV:N/AC:H/AU:N/C:C/I:C/A:C
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.
Learn more about our Web Application Penetration Testing UK.