RSA has explicitly asked us to publish the following information in response to the vulnerability we have found on SecureID 800:
- RSA has released a remedy and security advisory for this issue;
- RSA is unaware of any compromised credentials as a result of this vulnerability;
- RSA SecurID 800 is the only affected SecurID product, but this issue does not affect use of the SecurID 800 authenticator as an RSA SecurID one-time passcode (OTP) generator. This issue does not affect users of RSA’s other SecurID hardware or software authenticators.
RSA will publish the security advisory as MITRE CVE-2010-3321.
RSA also registered the advisory at buqtraq