Unrated severityNVD Advisory· Published Dec 8, 2014· Updated May 6, 2026

CVE-2014-4631

Description

RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.

Affected products

EMC Corporation/Rsa Adaptive Authentication On Premise10 versions
cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:7.1:p2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000