CVE-2023-3326

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions pam krb5 (affected versions not specified)

Description The issue is related to the incorrect implementation of the authentication algorithm in the pam krb5 module. This allows an attacker to gain unauthorized access to the system by controlling the password and Kerberos KDC responses, returning a valid ticket-granting ticket (tgt) and enabling authentication for any user on the system. The vulnerability is particularly relevant in non-default FreeBSD installations that use pam krb5 for authentication without a provisioned keytab.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-303CWE-287

Related Identifiers

BDU:2023-04390

CVE-2023-3326

FREEBSD-SA-23_04

FREEBSD-SA-23_09

Affected Products

Debian

Freebsd

Pam Krb5

CVE-2023-3326

Weakness Enumeration

Related Identifiers

Affected Products

References · 15