CVE-2009-2410
Date: (C)2009-07-30   (M)2023-12-22


The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-35868
SECUNIA-36018
FEDORA-2009-8101
https://bugzilla.redhat.com/attachment.cgi?id=355424
https://bugzilla.redhat.com/show_bug.cgi?id=514057
sssd-localhandlercallback-security-bypass(52210)

CWE    1
CWE-287
OVAL    2
oval:org.secpod.oval:def:101910
oval:org.secpod.oval:def:100185

© SecPod Technologies