Directory Permission Vulnerability in Courier Authentication Library from Debian
CVE-2021-28374

7.5HIGH

Key Information:

Vendor: Debian
Status: Courier-authlib
Vendor: CVE Published:; 15 March 2021

Summary

The Courier Authentication Library in the Debian courier-authlib package prior to version 0.71.1-2 contains a vulnerability that allows for improper permissions on the /run/courier/authdaemon directory. This weakness could allow an unauthorized attacker access to sensitive user information, including user existence, UID, GIDs, home directories, and potentially cleartext passwords under certain configurations. This exposure poses significant risks to the security and privacy of user accounts.

References

https://bugs.debian.org/984810

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2021/04/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2021
Vulnerability Reserved
Mar 15, 2021