Unrated severityNVD Advisory· Published May 16, 2014· Updated Jun 17, 2026
CVE-2014-0643
CVE-2014-0643
Description
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.
Affected products
4cpe:2.3:a:emc:rsa_netwitness:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:emc:rsa_netwitness:*:*:*:*:*:*:*:*range: <9.8.5.19
- (no CPE)range: <9.8.5.19
cpe:2.3:a:emc:rsa_security_analytics:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:emc:rsa_security_analytics:*:*:*:*:*:*:*:*range: >=10.2,<10.2.4
- (no CPE)range: <10.2.4, <10.3.2
Patches
Vulnerability mechanics
References
1- archives.neohapsis.com/archives/bugtraq/2014-05/0052.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.