back to article RSA coughs to critical-rated bug in its authentication SDK

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA's software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Agent for Web for Apache …

  1. Anonymous Coward
    Anonymous Coward

    Who could possibly gain from this ?

  2. John Smith 19 Gold badge

    " Who could possibly gain from this ?"

    Probably the same people who benefited from having a lower security encryption algorithm set up as the default?

    RSA are starting to look very TLA friendly.

    And that's not a good thing given their core business.

  3. A Non e-mouse Silver badge
    Big Brother

    How much did the NSA pay RSA to put those bugs features in, I wonder...

    1. Paul Crawford Silver badge

      I believe the going rate is $10M:

  4. Harry from Seattle

    Or maybe Mossad. RSA is an untrustworthy organization.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like