3.7
CVE-2011-1758
- EPSS 0.05%
- Published 26.05.2011 18:55:02
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Sssd Version1.5.0
Fedoraproject ≫ Sssd Version1.5.1
Fedoraproject ≫ Sssd Version1.5.2
Fedoraproject ≫ Sssd Version1.5.3
Fedoraproject ≫ Sssd Version1.5.4
Fedoraproject ≫ Sssd Version1.5.5
Fedoraproject ≫ Sssd Version1.5.6
Fedoraproject ≫ Sssd Version1.5.6.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.115 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 1.9 | 6.4 |
AV:L/AC:H/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.