RSA Locked Accounts continue to be Accessible
Testing RSA log in Results
Repeated testing confirmed the results with the Chrome, IE, and Firefox browsers, with the cache cleared.
The issue involves the following conditions:
• If the user account had previously checked the “Remember this computer” checkbox
• And only on the computer on which “Remember this computer” was initiated
• Adaptive Authentication backoffice/CSR Admin – once the account was in the locked state, which would normally be due to a failed security question or executing the lock account from the admin console.
• Results: The Locked Account was still accessible by password only and no security question presented
Currently we are working with RSA on case 01041005 (unresolved).
Note: Also Tested
AxM Access Manager – once the account was in the locked state – regardless of the browser or “Remember this computer” setting, the user account was not accessible.
Remember this Computer Option
User Details – Current Status: Locked Out