Auth bypass in Condor_project Condor

CVE-2012-3492

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by r…

Vulnerability class: Broken Authentication

EPSS: 0.007 (72.4th percentile) — read the EPSS interpretation.

Affected products

Condor_project Condor — versions 7.6.0, 7.6.1, 7.6.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

55632 (vdb-entry, x_refsource_BID)
RHSA-2012:1278 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2012:1281 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
50666 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
[oss-security] 20120920 Notification of upstream Condor security fixes (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_MISC)