Fedoraproject : Security Vulnerabilities, CVEs, Published In 2010 (Bypass)
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
Max CVSS
5.1
EPSS Score
0.76%
Published
2010-08-30
Updated
2017-08-17
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.
Max CVSS
3.7
EPSS Score
0.13%
Published
2010-01-14
Updated
2010-01-15
2 vulnerabilities found