Nicoo

**Name of the Vulnerable Software and Affected Versions** Authd versions 0.3.6 and earlier **Description** A local attacker who can register user names could spoof another user's ID and gain their privileges due to insufficient randomization of user IDs. The issue arises from the `GenerateID` method, which assigns user IDs as a pure function of the user name, and the set of UIDs is too small for pseudo-random assignment to work. This allows an adversary to register multiple users with colliding IDs or register a single user whose ID collides with a target user's. The attacker can bypass the uniqueness check by engineering a situation where the system administrator purges `/var/cache`, targeting a system account whose UID is in `authd`'s range, or targeting an account that hasn't logged into a specific system in more than 6 months. **Recommendations** For Authd versions 0.3.6 and earlier, consider the following: - The simplest remediation path would be for the external IdP to provide a guaranteed-unique user ID in the correct range, commonly communicated through a claim in OIDC. - If that is not possible, architectural changes to authd would likely be required, such as assigning user IDs from a small space that requires mutable state to ensure uniqueness, and synchronizing that mutable state across multiple machines. At the moment, there is no information about a newer version that contains a fix for this vulnerability.