CVE-2010-0014

Fedoraproject Sssd < 1.0.0 - Authentication Bypass

Title source: rule

Description

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.

References (4)

[Vendor Advisory] http://secunia.com/advisories/38160

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=553233

[Patch] https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/37747

Scores

EPSS 0.0013

EPSS Percentile 32.8%

Classification

CWE

CWE-287

Status draft

Affected Products (15)

fedoraproject/sssd < 1.0.0

fedoraproject/sssd

Timeline

Published Jan 14, 2010

Tracked Since Feb 18, 2026