mirror of
https://github.com/opnsense/src.git
synced 2026-02-24 02:10:45 -05:00
An adversary on the network can log in via ssh as any user by spoofing the KDC. When the machine has a keytab installed the keytab is used to verify the service ticket. However, without a keytab there is no way for pam_krb5 to verify the KDC's response and get a TGT with the password. If both the password _and_ the KDC are controlled by an adversary, the adversary can provide a password that the adversary's spoofed KDC will return a valid tgt for. Currently, without a keytab, pam_krb5 is vulnerable to this attack. Reported by: Taylor R Campbell <riastradh@netbsd.org> via emaste@ Reviewed by: so Approved by: so Security: FreeBSD-SA-23:04.pam_krb5 Security: CVE-2023-3326 |
||
|---|---|---|
| .. | ||
| pam_chroot | ||
| pam_deny | ||
| pam_echo | ||
| pam_exec | ||
| pam_ftpusers | ||
| pam_group | ||
| pam_guest | ||
| pam_krb5 | ||
| pam_ksu | ||
| pam_lastlog | ||
| pam_login_access | ||
| pam_nologin | ||
| pam_passwdqc | ||
| pam_permit | ||
| pam_radius | ||
| pam_rhosts | ||
| pam_rootok | ||
| pam_securetty | ||
| pam_self | ||
| pam_ssh | ||
| pam_tacplus | ||
| pam_unix | ||
| Makefile | ||
| Makefile.inc | ||
| modules.inc | ||