000023481 - UniqueChars comparator MaximumDistance vulnerability

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000023481
Applies To: RSA Adaptive Authentication
            Adaptive Authentication web services
Issue: MaximumDistance vulnerability
       How to increase security for passphrase
Cause: The UniqueChars comparator is configured for a max distance of 3 on a minimum answer length of 4. This is weak because an attacker would need to guess just one of the characters in a four-character answer correctly. The same applies to the TypoDistance comparator.
Resolution: To correct this issue, replace the present c-config-challeng*.xml file with the one included in the attached .ZIP package.
Legacy Article ID: a31686
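The effect described under Cause, as an added example (not RSA code and not taken from the attached package). It models a typo-tolerant comparator as Levenshtein edit distance, which is an assumption about how TypoDistance behaves; the function names, sample answers and the `max_ratio` policy value are constructed for illustration.

```python
def levenshtein(a: str, b: str) -> int:
    """Edit distance: each insert, delete or substitute costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def accepts(stored: str, guess: str, max_distance: int) -> bool:
    """Hypothetical comparator: accept a guess within max_distance edits."""
    return levenshtein(stored.lower(), guess.lower()) <= max_distance


def chars_that_must_match(min_answer_length: int, max_distance: int) -> int:
    """For the shortest allowed answer, how many characters a guess must get right."""
    return max(min_answer_length - max_distance, 0)


def audit(min_answer_length: int, max_distance: int, max_ratio: float = 0.25) -> dict:
    """Flag settings whose tolerated edits exceed max_ratio of the shortest answer.

    max_ratio is an assumed policy threshold, not a vendor recommendation.
    """
    return {
        "must_match": chars_that_must_match(min_answer_length, max_distance),
        "weak": max_distance > min_answer_length * max_ratio,
    }


# Constructed sample data: a four-character stored answer and two guesses.
STORED = "blue"
ONE_CHAR_RIGHT = "bxyz"   # shares only the first character with STORED
SINGLE_TYPO = "blur"      # one substitution away from STORED

if __name__ == "__main__":
    print(audit(4, 3))                         # the setting named in the article
    print(accepts(STORED, ONE_CHAR_RIGHT, 3))  # accepted under max distance 3
    print(accepts(STORED, ONE_CHAR_RIGHT, 1))  # rejected under a tighter distance
    print(accepts(STORED, SINGLE_TYPO, 1))     # a genuine typo still passes
```

With a max distance of 3 and a minimum length of 4, `audit` reports that only one character has to match, which is the condition the article describes.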