CVE Vulnerabilities

CVE-2023-3326

Incorrect Implementation of Authentication Algorithm

Published: Jun 22, 2023 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
LOW

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.

Weakness

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

Affected Software

Name Vendor Start Version End Version
Freebsd Freebsd * 12.4 (excluding)
Freebsd Freebsd 13.0 (including) 13.1 (excluding)
Freebsd Freebsd 12.4 (including) 12.4 (including)
Freebsd Freebsd 12.4-p1 (including) 12.4-p1 (including)
Freebsd Freebsd 12.4-p2 (including) 12.4-p2 (including)
Freebsd Freebsd 12.4-rc2-p1 (including) 12.4-rc2-p1 (including)
Freebsd Freebsd 12.4-rc2-p2 (including) 12.4-rc2-p2 (including)
Freebsd Freebsd 13.1 (including) 13.1 (including)
Freebsd Freebsd 13.1-b1-p1 (including) 13.1-b1-p1 (including)
Freebsd Freebsd 13.1-b2-p2 (including) 13.1-b2-p2 (including)
Freebsd Freebsd 13.1-p1 (including) 13.1-p1 (including)
Freebsd Freebsd 13.1-p2 (including) 13.1-p2 (including)
Freebsd Freebsd 13.1-p3 (including) 13.1-p3 (including)
Freebsd Freebsd 13.1-p4 (including) 13.1-p4 (including)
Freebsd Freebsd 13.1-p5 (including) 13.1-p5 (including)
Freebsd Freebsd 13.1-p6 (including) 13.1-p6 (including)
Freebsd Freebsd 13.1-p7 (including) 13.1-p7 (including)
Freebsd Freebsd 13.1-rc1-p1 (including) 13.1-rc1-p1 (including)
Freebsd Freebsd 13.2 (including) 13.2 (including)
Libpam-krb5 Ubuntu bionic *
Libpam-krb5 Ubuntu kinetic *
Libpam-krb5 Ubuntu lunar *
Libpam-krb5 Ubuntu mantic *
Libpam-krb5 Ubuntu trusty *
Libpam-krb5 Ubuntu trusty/esm *
Libpam-krb5 Ubuntu xenial *
Sssd Ubuntu bionic *
Sssd Ubuntu kinetic *
Sssd Ubuntu lunar *
Sssd Ubuntu mantic *
Sssd Ubuntu trusty *
Sssd Ubuntu xenial *

References