The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x prior to 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.
Vulnerable Product |
---|
fedoraproject sssd 1.5.2 |
fedoraproject sssd 1.5.0 |
fedoraproject sssd 1.5.5 |
fedoraproject sssd 1.5.6.1 |
fedoraproject sssd 1.5.3 |
fedoraproject sssd 1.5.1 |
fedoraproject sssd 1.5.6 |
fedoraproject sssd 1.5.4 |