The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection.
References
Configurations
History
No history.
Information
Published : 2009-07-30 18:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-2410
Mitre link : CVE-2009-2410
CVE.ORG link : CVE-2009-2410
JSON object : View
Products Affected
fedorahosted
- sssd
CWE
CWE-287
Improper Authentication