Network authentication attack via pam_krb5
CVE-2023-3326

9.8CRITICAL

Key Information:

Vendor

FreeBSD

Status
FreeBSD
Vendor
CVE Published:
22 June 2023

What is CVE-2023-3326?

The pam_krb5 module in FreeBSD, when configured without a keytab, allows attackers with control of both user passwords and KDC responses to gain authentication access by presenting a valid ticket-granting ticket (TGT) over the network. This vulnerability exposes systems to unauthorized access, as the module fails to validate the TGT response correctly. This scenario is particularly dangerous in non-default FreeBSD installations where pam_krb5 is utilized for user authentication.

Affected Version(s)

FreeBSD 13.2-RELEASE < 13.2-RELEASE-p1

FreeBSD 13.1-RELEASE < 13.1-RELEASE-p8

FreeBSD 12.4-RELEASE < 12.4-RELEASE-p3

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:04....
vendor-advisory
https://security.netapp.com/advisory/ntap-20230714-0005/
third-party-advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09....
vendor-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Taylor R Campbell <[email protected]>
.