• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RSA Keon Certificate Authority Log File Verification Bypass Vulnerabilities

RSA Keon is susceptible to two logfile-verification-bypass vulnerabilities. These issues are due to design flaws in the implementation of the digital signature process for logfiles. The use of cryptographic hashes to sign log entries may add an increased level of trust for users relying on the logs for auditing purposes.

These issues allow local attackers to remove and modify logfile contents, aiding them in hiding malicious activity from certificate-authority auditors.

RSA Keon versions 6.5.1 and 6.6 are vulnerable to these issues; other versions may also be affected.