CVE-2002-0507: Improper Authentication in Microsoft Exchange Server

Severity: 2.1 LOW (NVD)
EPSS: 1.0% (top 23.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 12; latest update Apr 30

Description

An interaction between Microsoft Outlook Web Access (OWA) and RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

CVSS vector

AV:L/AC:L/C:N/I:P/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (2 packages)

NVD: rsa/securid 5.0
NVD: microsoft/exchange_server 2000, 5.5 +1

Vulnerability Details (2)

GHSA
GHSA-v9f9-qwj8-vjff: An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user (2022-04-30)
CVEList
CVE-2002-0507: An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user (2002-06-11)