CVE-2002-0507

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://online.securityfocus.com/archive/1/264705	Third Party Advisory VDB Entry Vendor Advisory
http://www.iss.net/security_center/static/8681.php	Vendor Advisory
http://www.securityfocus.com/bid/4390	Third Party Advisory VDB Entry Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:exchange_server:5.5:-::::::
	cpe:2.3:a:microsoft:exchange_server:5.5:sp1::::::
	cpe:2.3:a:microsoft:exchange_server:5.5:sp2::::::
	cpe:2.3:a:microsoft:exchange_server:5.5:sp3::::::
	cpe:2.3:a:microsoft:exchange_server:5.5:sp4::::::
	cpe:2.3:a:microsoft:exchange_server:2000:-::::::
	cpe:2.3:a:microsoft:exchange_server:2000:sp1::::::
	cpe:2.3:a:microsoft:exchange_server:2000:sp2::::::

Configuration 2 (hide)

cpe:2.3:h:rsa:securid:5.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-08-12 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-0507

Mitre link : CVE-2002-0507

CVE.ORG link : CVE-2002-0507

JSON object : View

Products Affected

rsa

securid

microsoft

exchange_server

CWE

CWE-287

Improper Authentication

{"id": "CVE-2002-0507", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/264705", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8681.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4390", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA."}, {"lang": "es", "value": "Una interacci\u00f3n entre Microsoft Outlook Web Access (OWA) con RSA SecurID permite a usuarios locales evitar la autenticaci\u00f3n SecurID para un usuario anterior mediante varios envios de una petici\u00f3n de autenticaci\u00f3n OWA con la contrase\u00f1a adecuada del usuario anterior, que es acaba siendo aceptada por OWA."}], "lastModified": "2020-04-02T15:32:36.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4F9C143-4734-4E5D-9281-F51513C5CAAF"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD3E2F18-A369-4767-ACEF-38DB40EEC6D4"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC01670D-4550-4034-86A5-7879B6334241"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B80A57A1-7B9F-4C07-ADAA-DBC4687F1EFC"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3983529-F4E3-4883-97AF-5BFC87AC3E86"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF429469-1B63-4BF3-A59F-F8180226BB6D"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34300FD4-EC3B-4206-B6C0-1345F17EC5EA"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47132D0D-7691-40A3-A4BF-37D2ACE580C3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rsa:securid:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A00A9D51-90B1-4D58-839F-AD93AD015B80"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}