I've been going through the recent news articles that are making their rounds on the internet regarding bypass of 2FA using the RSA SecurID tokens. Articles below:
1. Has RSA addressed these articles yet?
2. The report doesn't clearly state this, but the thesis seems to imply that the SDTID file based import is what is being exploited. I wanted to understand if the CT-KIP based distribution would also have the same impact?
Just took a read of both articles, and, from my understanding, the issue described resides in the fact that the attacker edited the Software Token source code to be able to import the SecurID Token Seed without getting the error message "Device intended for this token was not found...".
What does that mean?
The attacker already had the SecurID Token Seed file in their possession.
What about CT-KIP Software Token delivery?
The CT-KIP distribution can be configured with the number of valid days before the Activation Code expires.
I think it would be great if RSA developers added an option for the number of times you can use that Activation Code, so we could set it to just "1".
>> For the CT-KIP Software Token delivery, you should ONLY allow this to be done from within your corporate networks, so that could avoid bypassing this when trying to connect from outside your corporate networks.
CT-KIP Activation Code expiration configuration:
Let's see what other folks would say regarding your questions.