CVE-2013-7292

{"id": "CVE-2013-7292", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-13T15:37:53.580", "references": [{"url": "http://www.kb.cert.org/vuls/id/612076", "tags": ["US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password."}, {"lang": "es", "value": "VASCO IDENTIKEY Authentication Server (IAS) v3.4.x permite a usuarios remotos autenticados evadir la autenticaci\u00f3n Active Directory (AD) al ingresar s\u00f3lo una contrase\u00f1a de un solo uso DIGIPASS, en lugar de la combinaci\u00f3n prevista de la contrase\u00f1a de un solo uso y una contrase\u00f1a AD de m\u00faltiples usos."}], "lastModified": "2014-01-14T15:01:54.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vasco:identikey_authentication_server:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D2894F4-01EA-4C0A-8634-5EC8FCEA633C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}