3.7
CVE-2010-0014
- EPSS 0.13%
- Published 14.01.2010 18:30:00
- Last modified 09.04.2025 00:30:58
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Sssd Version <= 1.0.0
Fedoraproject ≫ Sssd Version0.2.1
Fedoraproject ≫ Sssd Version0.3.0
Fedoraproject ≫ Sssd Version0.3.1
Fedoraproject ≫ Sssd Version0.3.2
Fedoraproject ≫ Sssd Version0.3.3
Fedoraproject ≫ Sssd Version0.4.0
Fedoraproject ≫ Sssd Version0.4.1
Fedoraproject ≫ Sssd Version0.5.0
Fedoraproject ≫ Sssd Version0.6.0
Fedoraproject ≫ Sssd Version0.6.1
Fedoraproject ≫ Sssd Version0.7.0
Fedoraproject ≫ Sssd Version0.7.1
Fedoraproject ≫ Sssd Version0.99.0
Fedoraproject ≫ Sssd Version0.99.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.297 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 1.9 | 6.4 |
AV:L/AC:H/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.