CVE-2016-0915 in RSA Authentication Manager
Summary
by MITRE
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
Analysis
by VulDB Data Team • 09/13/2022
The vulnerability identified as CVE-2016-0915 affects the Self-Service Portal component of EMC RSA Authentication Manager Prime Self-Service versions 3.0 and 3.1 before build 3.1 1915.42871. This represents a critical security flaw that enables remote authenticated attackers to disrupt service availability by manipulating token serial numbers during PIN change operations. The vulnerability stems from inadequate input validation and access control mechanisms within the authentication system's self-service functionality, creating an avenue for unauthorized privilege escalation and service disruption.
This is a direct object reference vulnerability, classified under CWE-639: the application provides direct access to objects based on user-supplied input without proper authorization checks. The flaw allows attackers to modify the token serial number parameter within PIN change requests, enabling them to target arbitrary user accounts rather than being restricted to their own authenticated sessions. The system fails to validate whether the requesting user has legitimate authorization to modify the specified token's PIN, creating a pathway for malicious actors to exploit the system's trust model.
The operational impact of this vulnerability extends beyond simple denial of service, as it fundamentally undermines the authentication system's integrity and user access controls. An attacker who gains access to the self-service portal can potentially compromise multiple user accounts by manipulating the token serial numbers in PIN change requests, leading to widespread service disruption and potential credential compromise. This vulnerability particularly affects organizations relying on RSA Authentication Manager for critical access control, as it could enable attackers to lock out legitimate users or gain unauthorized access to protected systems through compromised authentication tokens.
Mitigation strategies should focus on implementing proper input validation, access control enforcement, and parameter sanitization within the authentication portal. Organizations should upgrade to the patched versions of RSA Authentication Manager Prime Self-Service, specifically build 3.1 1915.42871 or later, which address the direct object reference vulnerability through enhanced authorization checks. Additional protective measures include implementing rate limiting on authentication requests, monitoring for unusual token serial number modifications, and enforcing stricter session management controls. The vulnerability aligns with ATT&CK technique T1078.004 for valid accounts and T1499.004 for network denial of service, emphasizing the need for comprehensive defensive measures that address both authentication bypass and service disruption vectors.
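The missing authorization check and the monitoring described above, as an added example (not RSA's code and not part of the advisory): a constructed in-memory token store with the flawed handler pattern beside one that authorizes the serial against the session user and records denied attempts. All function names, serials and users are hypothetical.

```python
from collections import Counter

# Constructed sample data: token serial -> assigned user, and serial -> PIN.
TOKEN_OWNER = {"000100000001": "alice", "000100000002": "bob"}
PINS = {"000100000001": "1111", "000100000002": "2222"}


class Forbidden(Exception):
    """Raised when a session user references a token not assigned to them."""


def change_pin_vulnerable(pins, session_user, token_serial, new_pin):
    # Flawed pattern (CWE-639): the serial from the request is used as the
    # object key and session_user is never compared with the token's owner.
    pins[token_serial] = new_pin


def change_pin_checked(pins, owners, session_user, token_serial, new_pin, audit):
    # The decision comes from server-side state (session + assignment table),
    # never from the client-supplied serial alone.
    owner = owners.get(token_serial)
    if owner is None or owner != session_user:
        # Unknown serials and foreign serials get the same answer, so the
        # endpoint does not confirm which serials exist.
        audit.append({"event": "pin_change_denied",
                      "user": session_user, "serial": token_serial})
        raise Forbidden("token not assigned to this user")
    pins[token_serial] = new_pin
    audit.append({"event": "pin_change_ok",
                  "user": session_user, "serial": token_serial})


def flag_serial_mismatches(audit, threshold=2):
    # Monitoring: users with repeated denied PIN changes are likely submitting
    # serials that are not theirs.
    denied = Counter(e["user"] for e in audit if e["event"] == "pin_change_denied")
    return sorted(user for user, count in denied.items() if count >= threshold)


if __name__ == "__main__":
    audit = []
    pins = dict(PINS)
    for serial in ("000100000002", "000199999999"):
        try:
            change_pin_checked(pins, TOKEN_OWNER, "alice", serial, "9999", audit)
        except Forbidden as exc:
            print("denied:", serial, exc)
    print("flagged users:", flag_serial_mismatches(audit))
```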