SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

Chinese hacker group caught bypassing 2FA

Jump to solution



I've been going through the recent news articles that are making its round on the internet regarding bypass of 2FA using the RSA SecurID tokens. Articles below:- 


Chinese hacker group caught bypassing 2FA | ZDNet 




1. Has RSA addressed these articles yet?

2. The report doesn't clearly state this but the thesis seems to imply that the STDID file based import is what is being exploited. I wanted to understand if the CT-KIP based distribution would also have the same impact?


Thank You,


1 Solution

Accepted Solutions
Employee (Retired) Employee (Retired)
Employee (Retired)
2 Replies
Frequent Contributor
Frequent Contributor

Hi Gordon,


Just took a read at both articles, and, from my understanding, the issue described resides in the fact the the attacker edited the Software Token source code to be able to import the SecurID Token Seed without getting the error message "Device intended for this token was not found...".


What does that mean ?
    The attacker already had the SecurID Token Seed file in its possession
What about CT-KIP Software Token delivery ?
    The CT-KIP distribution can be configured on the number of valid days before the Activation Code expires
    I think it could be great that RSA developers add an option that would be the number of times you can use that Activation Code, so we could set it to just "1"
    >> For the CT-KIP Software Token delivery, you should ONLY allow this being done from within your corporate networks, so that could avoid bypassing this when trying to connect from outside your corporate networks


CT-KIP Activation Code expiration configuration :

RSA Security Console - Software Tokens.png


Let's see what other folks would say regarding your questions

Kind Regards,


Employee (Retired) Employee (Retired)
Employee (Retired)

Gordon Mathias‌,


Please review Important Statement from RSA Regarding RSA SecurID Software Token Provisioning Best Practices for the response from RSA regarding this report.