CVE-2023-3326
high-risk
Published 2023-06-22
pam_krb5 authenticates a user by essentially running kinit with the password, obtaining a ticket-granting ticket (TGT) from the Kerberos KDC (Key Distribution Center) over the network as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the TGT provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker who is able to control both the password and the KDC responses can return a valid TGT, allowing authentication to occur for any user on the system.
Do I need to act?
0.42% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (18)
Affected Vendors
References (6)
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230714-0005/
53 / 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
19/34 · Moderate