Auth bypass in Fedoraproject Sssd

CVE-2011-1758

The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, w…

Vulnerability class: Broken Authentication

EPSS: 0.003 (25.4th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject Sssd — versions 1.5.0, 1.5.1, 1.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Patch)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Patch)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)