Authd · Authd · CVE-2026-6970
**Name of the Vulnerable Software and Affected Versions**
authd versions prior to 0.6.4
**Description**
A logic error exists in the primary group ID assignment. When a user's primary group ID (GID) differs from their user ID (UID)—occurring if the account was created with versions prior to 0.5.4 or if the primary group was manually changed using the `authctl group set-gid` command—and the identity provider record is updated, the system incorrectly resets the primary group ID to the UID during the next login. This results in newly created files and directories being assigned to the wrong group, which can lead to denial of service, unauthorized access to files by other local users, and local privilege escalation.
**Recommendations**
Update to version 0.6.4 or later.
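The description above implies a simple check for affected accounts: a primary GID that used to differ from the UID and now equals it. The following is an added example, not code from authd or from this advisory; it assumes you have two passwd(5)-format snapshots (for example saved `getent passwd` output from before and after the logins in question), and the account data in it is constructed.

```python
# Added example: find accounts whose primary GID was reset to the UID
# between two passwd(5)-format snapshots. Function names are hypothetical.

def parse_passwd(text):
    """Map account name -> (uid, gid) from passwd(5)-format lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        try:
            entries[fields[0]] = (int(fields[2]), int(fields[3]))
        except ValueError:
            continue  # non-numeric UID or GID field
    return entries


def find_gid_resets(before_text, after_text):
    """Return (name, uid, previous_gid) for each account matching the bug."""
    before, after = parse_passwd(before_text), parse_passwd(after_text)
    hits = []
    for name, (uid, gid) in sorted(after.items()):
        if name not in before:
            continue  # no baseline to compare against
        old_uid, old_gid = before[name]
        # Signature of the bug: same UID, GID used to differ, now equals UID.
        if old_uid == uid and old_gid != uid and gid == uid:
            hits.append((name, uid, old_gid))
    return hits


# Constructed sample snapshots (not real accounts).
BEFORE = """\
alice:x:10001:20000:Alice:/home/alice:/bin/bash
bob:x:10002:10002:Bob:/home/bob:/bin/bash
carol:x:10003:20000:Carol:/home/carol:/bin/bash
dave:x:10004:20000:Dave:/home/dave:/bin/bash
"""
AFTER = """\
alice:x:10001:10001:Alice:/home/alice:/bin/bash
bob:x:10002:10002:Bob:/home/bob:/bin/bash
carol:x:10003:20000:Carol:/home/carol:/bin/bash
dave:x:10004:30000:Dave:/home/dave:/bin/bash
"""

if __name__ == "__main__":
    for name, uid, old_gid in find_gid_resets(BEFORE, AFTER):
        print(f"{name}: primary GID reset from {old_gid} to UID {uid}")
```

For each account it reports, files created since the reset carry the GID equal to the UID rather than the previous primary group, so their group ownership needs review after updating.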