CVE

Id
23303  
CVE No.
CVE-2006-7199  
Status
Candidate  
Description
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."  
Phase
Assigned (20070430)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
224268 23303 CVE-2006-7199 MISC:http://www.cr-labs.com/publications/SiteKey-20060718.pdf  View
224269 23303 CVE-2006-7199 MISC:http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
52611 JVNDB-2007-001303 EMC RSA Security SiteKey におけるトークンを取得される脆弱性 EMC RSA Security SiteKey には、SiteKey Flash トークン上で保護されている限定子を設定しないため、トークンを取得される脆弱性が存在します。 CVE-2006-7201 23303 9.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001303.html  View