|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: RSA Authentication Agent
RSA Version/Condition: 7.2.1
|Issue||Elevating privileges of an unchallenged user to admin rights in LAC Agents under various scenarios|
Assume that the agent is installed according to the documentation and is working.
Scenario 1 : RSA AM (Authentication Manager)_and AD (Active Directory) services are available
Note: If the privileged user doesn’t have AD cache stored locally, prompt for Domain password appears again
Scenario 2 : RSA AM services are unavailable with offline authentication enabled and AD services are available
When all RSA AM Servers are unavailable, user with offline days will still be able to elevate the privileges with 2FA.
Scenario 3 : RSA AM service are unavailable with no offline authentication and AD services are available
When all RSA AM Servers are unavailable and privileged user has no offline days, then
Privileged user will be prompted for Reserve password once they have entered username + passcode. This is because RSA Agent cannot find RSA AM and hence the prompt for Reserve password
Scenario 4 : RSA AM and AD services are unavailable
If both services are not available, elevation of user privileges is not permitted.