VULHUB ™

RSA SecurID is a commercial product which provides local and remote authentication to restrict unauthorized access to resources on a host. WebID provides web-based authentication. A vulnerability exists in SecurID which could allow an unauthorized user to gain access to a known file residing on the target host. This is achievable if a specially crafted URL composed of double dot "../" directory traversal sequences, with Unicode character representations substituted for "/" and "\" , is submitted to a host. Disclosure of sensitive information may allow for more 'intelligent' attacks.

RSA SecurID is a commercial product which provides local and remote authentication to restrict unauthorized access to resources on a host. WebID provides web-based authentication. A vulnerability exists in SecurID which could allow an unauthorized user to gain access to a known file residing on the target host. This is achievable if a specially crafted URL composed of double dot "../" directory traversal sequences, with Unicode character representations substituted for "/" and "\" , is submitted to a host. Disclosure of sensitive information may allow for more 'intelligent' attacks.