trufflehog
Add support for RSA SecurID MFA software tokens
Description
Add support for RSA SecurID virtual MFA tokens https://www.rsa.com/products/securid/
Preferred Solution
Expose the serial number and seed of the virtual token. The seed allows duplicating the token and then bypassing MFA, and thus proves the leak. The serial number allows an admin to invalidate the token.
Additional Context
Custom detection logic:
detectors:
  - name: RSASecurIDDetector
    keywords:
      - TKNHeader
    regex:
      SerialNumber: |-
        <SN>\d+?</SN>
      Seed: |-
        <Seed>.+?</Seed>
    primary_regex_name: SerialNumber
References
Example tokens available at https://github.com/stoken-dev/stoken
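
Added example, not part of the original issue and not trufflehog's own code: a standalone Go sketch of the detection logic requested above, using the keyword and the two patterns from the custom detector config. It goes one step beyond the config by pairing each serial number with the seed of the same token and reporting only a hash prefix of the seed. The capture groups, the names Scan and Finding, and the layout of the constructed sample are assumptions.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"regexp"
	"strings"
)

// Patterns from the issue's config; the capture groups are an added assumption.
var snRe = regexp.MustCompile(`<SN>(\d+?)</SN>`)
var seedRe = regexp.MustCompile(`<Seed>(.+?)</Seed>`)

// Finding is a hypothetical result type, not a trufflehog structure.
type Finding struct{ Serial, SeedHash string }

// Scan applies the TKNHeader keyword pre-filter, then pairs each serial number
// with the first seed found before the next serial number.
func Scan(data string) []Finding {
	if !strings.Contains(data, "TKNHeader") {
		return nil
	}
	var out []Finding
	sns := snRe.FindAllStringSubmatchIndex(data, -1)
	for i, m := range sns {
		end := len(data)
		if i+1 < len(sns) {
			end = sns[i+1][0]
		}
		seed := seedRe.FindStringSubmatch(data[m[1]:end])
		if seed == nil {
			continue // a serial number without a seed is not a leaked secret
		}
		sum := sha256.Sum256([]byte(seed[1]))
		out = append(out, Finding{data[m[2]:m[3]], fmt.Sprintf("%x", sum[:8])})
	}
	return out
}

// Constructed sample (not a real token): one token with a seed, one without.
const sample = `<TKNBatch><TKNHeader></TKNHeader>
<TKN><SN>000123456789</SN><Seed>=CONSTRUCTED-PLACEHOLDER-SEED=</Seed></TKN>
<TKN><SN>000987654321</SN></TKN></TKNBatch>`

func main() {
	for _, f := range Scan(sample) {
		fmt.Printf("serial=%s seed_sha256_prefix=%s\n", f.Serial, f.SeedHash)
	}
}
```

The serial number is reported in clear so an admin can invalidate the token, while the seed never appears in the scan output.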