RSA – SecureID 800

RSA has explicitly asked us to publish the following information in response to the vulnerability we have found on SecureID 800:

  • RSA has released a remedy and security advisory for thisĀ  issue;
  • RSA is unaware of any compromised credentials as a result of this vulnerability;
  • RSA SecurID 800 is the only affected SecurID product, but this issue does not affect use of the SecurID 800 authenticator as an RSA SecurID one-time passcode (OTP) generator. This issue does not affect users of RSA’s other SecurID hardware or software authenticators.

RSA will publish the security advisory as MITRE CVE-2010-3321.

RSA also registered the advisory at buqtraq