Identifying Insufficient User ID Randomization in Authd
CVE-2024-9312
7.5 HIGH
Summary
An authentication vulnerability exists in Authd, up to version 0.3.6, in which insufficient randomization of user IDs can lead to ID collisions. A local attacker who can register usernames can use such a collision to spoof another user's ID and gain unauthorized access to that user's privileges. This poses a significant risk to user security and data integrity and calls for immediate remediation.
Affected Version(s)
Authd (Linux): 0 < 0.3.6
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
nicoo
Michael Gebetsroither
Jamie Bliss
Adrian Dombeck
Mark Esler