RSA SecurID is a commercial product that provides local and remote authentication to restrict unauthorized access to resources on a host. WebID provides web-based authentication. Due to an input validation error, a remote attacker can insert a null character (%00) into a web request to cause SecurID WebID to go into debug mode. This may allow the remote attacker to glean information about the host from the errors that occur. The null character must be placed before the first directory in a specially crafted web request.
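A log check for the request pattern described above, as an added example that is not part of the original advisory or of RSA's code: it flags requests whose path carries a null (%00) before the first directory name and separates them from nulls elsewhere in the target. The Common Log Format input, the paths and the addresses are constructed assumptions.

```python
import re

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
NUL_TOKENS = ("%00", "\x00")  # URL-encoded and raw null

def classify_target(target):
    """Return where a null sits in the request target, or None if absent."""
    path, _, query = target.partition("?")
    hits = [path.find(tok) for tok in NUL_TOKENS if tok in path]
    if hits:
        prefix = path[:min(hits)]
        # Only slashes before the null: it precedes the first directory name,
        # which is the placement the advisory describes.
        return "nul-before-first-dir" if prefix.strip("/") == "" else "nul-in-path"
    if any(tok in query for tok in NUL_TOKENS):
        return "nul-in-query"
    return None

def scan_log(lines):
    """Return (client, target, verdict) for every request carrying a null."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        verdict = classify_target(match.group("target"))
        if verdict:
            findings.append((line.split()[0], match.group("target"), verdict))
    return findings

# Constructed sample entries; paths and addresses are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /example-dir/login HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2001:10:00:05 +0000] "GET /%00/example-dir/login HTTP/1.0" 500 2048',
    '198.51.100.7 - - [01/Jan/2001:10:00:09 +0000] "GET /example-dir/%00login HTTP/1.0" 404 128',
    '192.0.2.22 - - [01/Jan/2001:10:00:12 +0000] "GET /example-dir/search?q=a%00b HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for client, target, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:22} {client:15} {target}")
```

Matches for `nul-before-first-dir` that also returned an error status are the ones to review first, since the advisory ties the information exposure to the errors produced in debug mode.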