In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator’s browser session.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 999,623 bad guys.