PT-2010-1840 · Red Hat · Sssd

Stephen Gallagher · Published 2010-01-14 · Updated 2010-01-15 · CVE-2010-0014

CVSS v2.0: 3.7 (Low)
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SSSD versions prior to 1.0.1

Description: The issue allows physically proximate attackers to authenticate to the screen-locking program on a workstation using an arbitrary password when the Kerberos authentication provider is configured but the Key Distribution Center (KDC) is unreachable. This occurs when any user on the workstation holds a valid Kerberos ticket-granting ticket (TGT). Additionally, it might enable remote attackers to bypass intended access restrictions by using an arbitrary password in conjunction with a valid TGT.

Recommendations: For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the screen-locking program or ensuring the KDC is always reachable when the krb5 auth provider is configured.

Fix

Weakness Enumeration: Improper Authentication


Related Identifiers: CVE-2010-0014

Affected Products: Sssd