CVE-2010-0014
SSSD < 1.0.1 - Improper Authentication via Kerberos TGT Handling
Title source: llmDescription
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38160
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37747
Patch x_refsource_confirm
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=553233
Scores
EPSS
0.0069
EPSS Percentile
48.0%
Details
CWE
CWE-287
Status
published
Products (15)
fedoraproject/sssd
0.2.1
fedoraproject/sssd
0.3.0
fedoraproject/sssd
0.3.1
fedoraproject/sssd
0.3.2
fedoraproject/sssd
0.3.3
fedoraproject/sssd
0.4.0
fedoraproject/sssd
0.4.1
fedoraproject/sssd
0.5.0
fedoraproject/sssd
0.6.0
fedoraproject/sssd
0.6.1
... and 5 more
Published
Jan 14, 2010
Tracked Since
Feb 18, 2026