000019041 - Users being password prompted when importing token into RSA SecurID Software Token 2.5 even though no password was specified during issuance

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019041
Applies ToRSA SecurID Software Token 2.5
Microsoft Windows
RSA ACE/Server
IssueUsers being password prompted when importing token into RSA SecurID Software Token 2.5 even though no password was specified during issuance
Issuing Software Tokens
When the end user tries to import a soft token, that was created using the ACE/Server administration (Issue Software Tokens...), they are prompted for a password even though no password was specified during issuance.
CauseEach SoftID is protected by a hash stored in the registry whether or not it contains a password.  There is a bug that causes the SoftID 2.5 application to misread the token value in the registry because it reduces all double slashes ("\\") to a single slash ("\"), thus rendering the hash incorrect and useless.  It should read the registry value as it is, without striping away any special characters.
ResolutionThis issue has been resolved in a hot fix for RSA SecurID Software Token 2.5. Contact RSA Security Customer Support to obtain the hot fix for tst00021261. This bug has been corrected in an updated version of the stauto.dll file. Shown below are installation instructions for the hot fix:

1. Replace the current version of the stauto32.dll file on all PC's containing the RSA SecurID Software Token 2.5 application:

        Windows NT/2000:  \winnt\system32\stauto32.dll
        Windows 98:            \windows\system\stauto32.dll

2. Try to import the token into the token again - this time you should not be password prompted
Legacy Article IDa5323

Attachments

    Outcomes