|
RSA SecureID ACE/Server contains a flaw that allows any local user on the system to add, delete or modify SecureID files. The flaw is due to incorrect permissions being set for the /usr/local/ace/data directory during installation. This would allow users to disable authentication, redirect authentication requests, compromise logins or more.
|