3 matches found
CVE-2024-9313
CVE-2024-9313 affects the Authd PAM module prior to 0.3.5. The flaw allows broker-managed users to impersonate any other user managed by the same broker and perform PAM operations, including authenticating as that user. The advisory’s CVSS 3.1 score is 8.8 ( HIGH ), with network attack vector, lo...
CVE-2024-9312
Authd before 0.3.6 is vulnerable due to insufficient randomization of user IDs, enabling a local attacker who can register usernames to spoof another user’s ID and gain their privileges. The impact is local privilege escalation with high confidentiality, integrity, and availability implications a...
CVE-2025-5689
CVE-2025-5689 concerns ubuntu/authd and related components. A flaw in the temporary user record used by authd during pre-auth NSS can cause a first-time SSH login to place the new user into the root group for that SSH session, potentially exposing root-group read/write access during that session....