Name of the Vulnerable Software and Affected Versions: SSSD versions 2.5.x

Description: The System Security Services Daemon (SSSD) service manages access to remote directories and authentication mechanisms. It provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues include lookup problems with fully-qualified names when 'cache first = True', delayed autofs lookups for unknown mounts, incorrect addition of AD domains, and problems with the pam responder not calling initgroups to refresh the user entry.

Recommendations: For SSSD versions 2.5.x, consider updating the configuration to avoid issues with 'cache first = True' and AD domain additions. As a temporary workaround, restrict the use of autofs lookups for unknown mounts to minimize delays. Additionally, ensure the pam responder is properly configured to call initgroups and refresh user entries. At the moment, there is no information about a newer version that contains a fix for this issue.