CVE-2010-0014

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.

Published: Jan 14, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0014
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.7
AV:L/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
fedoraproject / sssd	0.5.0	0.5.0.x
fedoraproject / sssd	0.3.1	0.3.1.x
fedoraproject / sssd	0.7.1	0.7.1.x
fedoraproject / sssd	0.2.1	0.2.1.x
fedoraproject / sssd	0.3.0	0.3.0.x
fedoraproject / sssd	-	1.0.0.x
fedoraproject / sssd	0.99.0	0.99.0.x
fedoraproject / sssd	0.4.0	0.4.0.x
fedoraproject / sssd	0.3.2	0.3.2.x
fedoraproject / sssd	0.99.1	0.99.1.x
fedoraproject / sssd	0.3.3	0.3.3.x
fedoraproject / sssd	0.6.0	0.6.0.x
fedoraproject / sssd	0.4.1	0.4.1.x
fedoraproject / sssd	0.7.0	0.7.0.x
fedoraproject / sssd	0.6.1	0.6.1.x

Vulnerability Database

289,599

CVE-2010-0014