AnsweredAssumed Answered

RSA Locked Accounts continue to be Accessible

Question asked by Bob Ross on Nov 15, 2017

RSA Locked Accounts continue to be Accessible

Testing RSA log in Results
Repeated Testing Confirmed, with Browsers Chrome, IE, and Firefox along with cache cleared.
Involving the following conditions
• If previously the user account had checked the checkbox “Remember this computer”
• And only on the Computer the “Remember this computer” was initiated on
• Adaptive Authentication backoffice/csr Admin – once the account was in the locked state, which would normally be per failed security question or executing the lock account from the admin console.
• Results: The Locked Account was still accessible by password only and no security question presented
Currently we are working with RSA case 01041005 Unresolved
Note: Also Tested
AxM Access Manager – once the account was in the locked state – regardless of the browser or “Remember this computer” setting, the user account was not accessible.
Remember this Compter Option

User Details – Current Status: Locked Out

Outcomes