Recently found vulnerabilities: RSA Authentication Agent SDK for C Error Handling Vulnerability and RSA Authentication Agent for Web for Apache Web Server Authentication Bypass Vulnerability
We're running Policy Server 12.7 and we'd like to know if Policy
Server is impacted by the RSA Authentication Bypass Vulnerability?
CVE Identifier:
CVE-2017-14377
CVE-2017-14378
These vulnerabilities affect:
RSA Authentication Agent API 8.5 for C
RSA Authentication Agent SDK 8.6 for C
As per the Support Matrix, Policy Server supports only RSA
Authentication Manager 8.0 and 8.1, and runs the RSA Authentication
Agent API and SDK for C of the same version. So the Policy Server
isn't affected by these vulnerabilities.
PRODUCT SUPPORT MATRIX CA Single Sign-On 12.7
Third-Party Product Compatibility
https://support.ca.com/phpdocs/7/5262/5262-12-7-platform-support-matrix.pdf
RSA Authentication Manager: 8.1, 8.0
At the time of Policy Server development on Red Hat 7, 64-bit, RSA did not offer SDK support for this platform, so RSA
Authentication Manager is not yet supported on the Policy Server running on Red Hat 7.