CVE-2019-3758
18.09.2019, 23:15
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rsa | archer | 𝑥 < 6.6.0.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-288 - Authentication Bypass Using an Alternate Path or ChannelA product requires authentication, but the product has an alternate path or channel that does not require authentication.
- CWE-521 - Weak Password RequirementsThe product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.