Vulnerabilities > CVE-2006-7201 - Remote Security vulnerability in Rsa Security Sitekey

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

emc

critical

NVD

Published: 2007-04-30

Updated: 2008-09-05

Summary

EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC RSA Security Sitekey *	1

References

http://www.cr-labs.com/publications/SiteKey-20060718.pdf
http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf