Vigil@nce - Kerberos: permissions of krb5kdc.log too permissive
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read the Kerberos krb5kdc.log file in order to
obtain sensitive information.
Impacted products: Fedora.
Severity: 1/4.
Creation date: 29/01/2016.
DESCRIPTION OF THE VULNERABILITY
The Kerberos tools use the log file /var/log/krb5kdc.log.
This log file may include sensitive information about
authentications. However, the access rights of this file are
(root, root, 644), that is owner root, group root and mode 644,
so the file is readable by any process on the system.
An attacker can therefore read the Kerberos krb5kdc.log file in
order to obtain sensitive information.
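A check for the condition described above, as an added example that is not part of the Vigil@nce bulletin or of any vendor fix. The function names and the choice to remove all access for "other" are assumptions; the path and the (root, root, 644) rights come from the bulletin.

```shell
#!/bin/sh
# Added example. Path and (root, root, 644) come from the bulletin;
# dropping all "other" access is an assumed remediation, not a vendor fix.
KDC_LOG="${KDC_LOG:-/var/log/krb5kdc.log}"

# Octal permission bits of a file (GNU stat, as shipped on Fedora).
log_mode() {
    stat -c '%a' -- "$1"
}

# Exit status: 0 = no access for "other", 1 = finding, 2 = cannot check.
check_log_perms() {
    file="$1"
    if [ ! -e "$file" ]; then
        echo "SKIP: $file does not exist"
        return 2
    fi
    mode=$(log_mode "$file") || return 2
    owner=$(stat -c '%U:%G' -- "$file") || return 2
    # Leading 0 makes the shell read the mode as octal; keep the last digit.
    other=$(( 0$mode & 7 ))
    if [ "$other" -ne 0 ]; then
        echo "FINDING: $file ($owner, $mode) is accessible to every local user"
        return 1
    fi
    echo "OK: $file ($owner, $mode)"
    return 0
}

# Remove read/write/execute for "other"; owner and group bits are untouched.
restrict_log_perms() {
    chmod o-rwx -- "$1"
}

# Run the audit only when asked, e.g.: sh audit_kdc_log.sh --audit
if [ "${1:-}" = "--audit" ]; then
    check_log_perms "$KDC_LOG"
fi
```

A one-off chmod lasts only until the file is recreated, so re-run the check after the log has been rotated or the service restarted.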
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Kerberos-permissions-of-krb5kdc-log-too-permissive-18839