|Applies To||RSA Key Manager Server versions 1.5.x, 2.0.x, 2.1.3.x, and 2.2.x; RSA Key Manager Appliance versions 1.0.1, 1.5.x, and 1.6.x|
|Known Exploitation of the Vulnerability||RSA, The Security Division of EMC, is not aware of any attacks utilizing this vulnerability.|
|Issue||Excessive Authentication Attempts. Failure to block excessive authentication attempts, or to lock the account associated with them, may allow an attacker to brute force a user's password and gain unauthorized access to the application. RSA Key Manager (RKM) Server neither blocked excessive authentication attempts nor locked the account associated with excessive failed attempts to access the administration console.|
|Resolution||RSA Access Manager must be deployed and used with RSA Key Manager Server to configure and enforce account lockout policies. RSA Key Manager Appliance includes and uses RSA Access Manager by default. The Password Policies section of the RSA Key Manager 2.5.x and 2.7.x Administrator Guide describes the steps to configure RSA Access Manager to prevent excessive login attempts. For additional details on configuring password policies, refer to the RSA Access Manager Servers Installation and Configuration Guide. All deployments of RSA Key Manager Server and RSA Key Manager Appliance should configure password policies through RSA Access Manager.|
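As an added illustration that is not part of the RSA article and does not use RSA Access Manager's own configuration, the following Python models the account lockout control the Resolution calls for and replays a constructed administration-console audit log through it, so the effect of the control on a run of failed logins against an admin account can be seen. The log line format, the account names, and the threshold, window and lockout durations are all assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy values below are assumptions for this example, not RSA Access Manager defaults.
MAX_FAILURES = 5                 # failed attempts tolerated inside WINDOW
WINDOW = timedelta(minutes=15)   # sliding window over which failures are counted
LOCKOUT = timedelta(minutes=30)  # how long a locked account stays locked


class LockoutPolicy:
    """Sliding-window lockout: MAX_FAILURES failures within WINDOW lock the account for LOCKOUT."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}              # account -> datetime at which the lock expires

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'allowed' or 'denied' for one authentication attempt."""
        until = self.locked_until.get(account)
        if until is not None and now < until:
            return "locked"  # refused before the credential is even evaluated
        window = self.failures[account]
        while window and now - window[0] > WINDOW:
            window.popleft()  # forget failures that have aged out of the window
        if password_ok:
            window.clear()
            return "allowed"
        window.append(now)
        if len(window) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT
            window.clear()
        return "denied"


def replay_audit_log(lines):
    """Replay constructed 'ISO-time account RESULT' lines; return (locked accounts, refused attempts)."""
    policy = LockoutPolicy()
    refused = 0
    for line in lines:
        ts, account, result = line.split()
        verdict = policy.attempt(account, result == "SUCCESS", datetime.fromisoformat(ts))
        refused += 1 if verdict == "locked" else 0
    return sorted(policy.locked_until), refused


SAMPLE_LOG = [  # constructed sample lines, not real RKM console output
    "2024-01-01T10:00:00 admin FAIL", "2024-01-01T10:01:00 admin FAIL",
    "2024-01-01T10:02:00 admin FAIL", "2024-01-01T10:03:00 admin FAIL",
    "2024-01-01T10:04:00 admin FAIL", "2024-01-01T10:05:00 admin FAIL",
    "2024-01-01T10:06:00 admin FAIL", "2024-01-01T10:07:00 alice FAIL",
    "2024-01-01T10:08:00 alice FAIL", "2024-01-01T10:09:00 alice SUCCESS",
]
```

Without the lockout step the seventh and later admin attempts would each be evaluated against the password, which is the unbounded guessing the Issue describes; with it, every attempt after the fifth failure is refused until the lock expires.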
|Legacy Article ID||a49701|