CVE-2010-3321 Information

Description

RSA Authentication Client 2.0.x 3.0 and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API requests.

Reference

http://www.securityfocus.com/archive/1/514153/100/0/threaded http://www.securityfocus.com/bid/43795