SecurID^®

msg9 · ‎2023-03-28

Hello all, is there an expected date for the next AM 8.7 patch that will address vulns in Java .351? Are there any instructions available for remediation/workaround in the meantime? Current remediation requires .361 or greater. I did see some CVEs address in the article below RSA-2023-03: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities https://community.rsa.com/t5/securid-product-advisories/rsa-2023-03-rsa-authentication-manager-security-update-for-third/ta-p/696309

RakeshK1

Hello Team, could you please help me to deploy the RSA SecureID?

cbalbuena

We are in the process of enabling the RSA Secure ID Authentication REST API. Since this is a fairly new technology, we would like to get confirmation from you that even without enabling HMAC for authentication agents, that the communication between the client and the RSA infrastructure is encrypted. In our specific case, the client is a VMware UAG appliance that requires both the Access Key and the RSA SSL server certificate to establish connection to the RSA server. We basically want to confirm that even without enabling HMAC for authentication agents, the network traffic will be encrypted using the provided the RSA SSL server certificate.

yannickneault

We are in the process of enabling the RSA Secure ID Authentication REST API. Since this is a fairly new technology, we would like to get confirmation that, even without enabling HMAC for authentication agents, the communication between the client and the RSA infrastructure is encrypted? In our specific case, the client is a VMware UAG appliance that requires both the Access Key and the RSA SSL server certificate to establish connection to the RSA server. We basically want to confirm that even without enabling HMAC for authentication agents, the network traffic will be encrypted using the provided the RSA SSL server certificate. Reference : https://community.rsa.com/t5/rsa-authentication-manager/deploying-an-authentication-agent-that-uses-the-rest-protocol/ta-p/629348 https://community.rsa.com/t5/rsa-authentication-manager/generate-an-hmac-for-authentication-agents/ta-p/629349

1up4kel

Hello, Team. I was hope for some advice on how to automate if possible soft token extensions. In my environment, soft token get expired and need to be extend if user is still employed. So, let's say every 6 months we need to extend soft tokens that are soon to expire. Since, this is a time consuming task to extend 10 token at a time. Is there a way to automate the process base on user ID with expiring tokens. Please advise and thank you for your time. Kelvin

SecurID^®

Browse the Community

SecurID Advisories

SecurID Community Blog

SecurID Discussions

SecurID Integrations

SecurID Prime

SecurID Knowledge Base

SecurID Events

SecurID Documentation & Downloads

Category Activity

Authentication Manager 8.7 - P4 Availability To Remediate Java Vuln?

RSA Deployment

Encryption - RSA SecurID Authentication API for Authentication Agents

Security of REST API

How to Automate soft token extension

RSA May 2023 Release Announcements

RSA-2023-06: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities

RSA Announces RSA Authentication Manager 8.7 Patch 4 and Updated Web-Tier Server

RSA Announces RSA® Authentication Manager 8.7 SP1

Re: Multiple Device Logins/Sessions Using Same Passcode/Tokencode?

SecurID®

Browse the Community

SecurID Advisories

SecurID Community Blog

SecurID Discussions

SecurID Integrations

SecurID Prime

SecurID Knowledge Base

SecurID Events

SecurID Documentation & Downloads

Category Activity

SecurID^®