VYPR
Unrated severityNVD Advisory· Published May 16, 2014· Updated Jun 17, 2026

CVE-2014-0643

CVE-2014-0643

Description

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Affected products

4
  • cpe:2.3:a:emc:rsa_netwitness:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:emc:rsa_netwitness:*:*:*:*:*:*:*:*range: <9.8.5.19
    • (no CPE)range: <9.8.5.19
  • cpe:2.3:a:emc:rsa_security_analytics:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:emc:rsa_security_analytics:*:*:*:*:*:*:*:*range: >=10.2,<10.2.4
    • (no CPE)range: <10.2.4, <10.3.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.