Are Access Manager Agents susceptible to Session Fixation attacks?
Originally Published: 2009-05-26
Article Number
Applies To
RSA Access Manager 4.8 Agent for Apache 2.2
IBM Rational Appscan
Issue
An IBM Rational Appscan report identified the Access Manager login pages as potentially vulnerable for the reason "Session Identifier Not Updated".
Cause
Resolution
For more information on Session Fixation Attacks see http://capec.mitre.org/data/definitions/60.html