Vulnerability in System Security Services Daemon Affects Kerberos Authentication
CVE-2010-0014
Currently unrated
What is CVE-2010-0014?
System Security Services Daemon (SSSD) versions before 1.0.1 are vulnerable to an authentication bypass when the krb5 auth_provider is configured but the Key Distribution Center (KDC) is unreachable. In this state, physically proximate attackers can authenticate to a screen-locking program using any arbitrary password if they possess a user's Kerberos ticket-granting ticket (TGT). Additionally, remote attackers may exploit this vulnerability using similar methods, potentially undermining access controls intended to protect the workstation environment.
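As an added example (not part of this advisory or of the SSSD project), the following Python check flags the exposure condition described above: an SSSD version before 1.0.1 combined with a domain whose auth_provider is explicitly set to krb5. The sample sssd.conf content, the domain names, and the function names are constructed for illustration.

```python
import configparser
import re

FIXED = (1, 0, 1)  # first fixed release, per the advisory text above

# Constructed sample configuration (not taken from a real host).
SAMPLE_CONF = """
[sssd]
services = nss, pam
domains = CORP, LOCAL

[domain/CORP]
id_provider = ldap
auth_provider = krb5
krb5_realm = CORP.EXAMPLE

[domain/LOCAL]
id_provider = local
"""

def parse_version(text):
    """Return the leading dotted-numeric part of a version string as a tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "1.0" to (1, 0, 0)

def krb5_domains(conf_text):
    """List [domain/NAME] sections that explicitly set auth_provider = krb5."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return sorted(
        s.split("/", 1)[1]
        for s in cp.sections()
        if s.startswith("domain/")
        and cp.get(s, "auth_provider", fallback="").strip().lower() == "krb5"
    )

def exposed_domains(version, conf_text):
    """Domains matching the advisory's condition; empty if the version is fixed."""
    if parse_version(version) >= FIXED:
        return []
    return krb5_domains(conf_text)

if __name__ == "__main__":
    # Package release suffixes such as "-2" are ignored by parse_version.
    print(exposed_domains("1.0.0-2", SAMPLE_CONF))
```

The check reads only the configuration text and version string it is given; it does not test whether the KDC is reachable.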