Authentication Bypass in EMC RSA NetWitness and RSA Security Analytics

Authentication Bypass in EMC RSA NetWitness and RSA Security Analytics

CVE-2014-0643 · HIGH Severity

AV:N/AC:H/AU:N/C:C/I:C/A:C

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Learn more about our Web Application Penetration Testing UK.