{"vuid":"VU#612076","idnumber":"612076","name":"VASCO IDENTIKEY Authentication Server contains an authentication bypass vulnerability","keywords":["VASCO","IDENTIKEY","Authentication","ias","cwe-305"],"overview":"VASCO IDENTIKEY Authentication Server version 3.4.x contains an authentication bypass vulnerability which could allow an attacker to log in to a system without needing the user's Active Directory password credentials.","clean_desc":"CWE-305: Authentication Bypass by Primary Weakness\nVASCO's IDENTIKEY Authentication Server (IAS) is a product which provides two-factor authentication capability. VASCO IDENTIKEY Authentication Server version 3.4.x contains an authentication bypass vulnerability which could allow an attacker to log in to a system without needing the user's Active Directory password credentials. The expected behavior of the product is to authenticate a user from a RADIUS client if and only if that user enters a concatenation of his or her Microsoft Active Directory password credentials and a one-time password that is generated by an assigned DIGIPASS security token. The observed behavior is that the user need only enter the one-time password generated by the security token; the product will successfully authenticate the user when no Active Directory password is provided. This reduces two-factor authentication to one-factor authentication (i.e. just the one-time password generated using the security token).","impact":"An attacker with access to a user's authentication token or current code could log in to a system without needing the user's Active Directory password credentials.","resolution":"Update\nVASCO has released an updated version of IDENTIKEY Authentication Server, version 3.5, to address this vulnerability. VASCO is advising affected users to download the updated version from the VASCO My Maintenance site.","workarounds":"","sysaffected":"","thanks":"Thanks to Michael Schoenbach and Luke Sullivan for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.vasco.com/products/server_products/identikey/ik_auth/identikey-authentication-server.aspx","http://www.vasco.com/support/support/my_maintenance/default.aspx","http://cwe.mitre.org/data/definitions/305.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-10-29T19:29:07Z","publicdate":"2013-12-13T00:00:00Z","datefirstpublished":"2014-01-09T14:30:18Z","dateupdated":"2014-01-09T14:30:18Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"M","cvss_securityrequirementscr":"H","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"3.5","cvss_basevector":"AV:N/AC:M/Au:S/C:P/I:N/A:N","cvss_temporalscore":"2.7","cvss_environmentalscore":"4.0997992552263","cvss_environmentalvector":"CDP:LM/TD:M/CR:H/IR:ND/AR:ND","metric":0.0,"vulnote":null}