CVE-2021-3784

Name of the Vulnerable Software and Affected Versions Garuda Linux (affected versions not specified)

Description The issue is related to an insecure user creation and authentication process in Garuda Linux. When creating users from the 'Garuda settings manager', the system temporarily leaves the new user without an assigned password. This window of time could be exploited by an attacker to authenticate as the newly created user without knowing the password.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.