Auth bypass in Fedorahosted Sssd
CVE-2009-2410
The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the…
Vulnerability class: Broken Authentication
EPSS: 0.020 (77.9th percentile) — read the EPSS interpretation.
Affected products
- Fedorahosted Sssd — versions 0.4.1
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (vdb-entry, x_refsource_BID)
- secalert@redhat.com (vdb-entry, x_refsource_XF)
- secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)