Sign in / up

back to article RSA coughs to critical-rated bug in its authentication SDK

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA's software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Agent for Web for Apache …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Who could possibly gain from this ?

    2 0 Reply
  2. John Smith 19 Gold badge
    Gimp

    " Who could possibly gain from this ?"

    Probably the same people who benefited from having a lower security encryption algorithm set up as the default?

    RSA are starting to look very TLA friendly.

    And that's not a good thing given their core business.

    3 1 Reply
  3. A Non e-mouse Silver badge
    Big Brother

    How much did the NSA pay RSA to put those bugs features in, I wonder...

    3 0 Reply
    1. Paul Crawford Silver badge
      Reply Icon

      I believe the going rate is $10M:

      https://www.theregister.co.uk/2013/12/21/nsa_paid_rsa_10_million/

      4 0 Reply
  4. Harry from Seattle

    Or maybe Mossad. RSA is an untrustworthy organization.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like