Vulnerability Details : CVE-2013-0941
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
Exploit prediction scoring system (EPSS) score for CVE-2013-0941
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-0941
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2013-0941
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0941
Products affected by CVE-2013-0941
- cpe:2.3:a:rsa:securid_web_agent:*:*:*:*:*:*:*:*When used together with: Apache » Http Server
- cpe:2.3:a:rsa:authentication_agent:*:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:authentication_api:*:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:pluggable_authentication_module_agent:*:*:*:*:*:*:*:*