Vigil@nce - SSSD: connexion without password

September 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can authenticate through SSSD against an LDAP server as a user
account without knowing its password.

Severity: 2/4

Creation date: 26/08/2010

DESCRIPTION OF THE VULNERABILITY

The SSSD daemon (System Security Services Daemon) manages access to remote
identity and authentication resources.

LDAP offers an authentication mechanism called Simple Bind, which takes two
arguments (a username and a password). Three modes are defined: Anonymous,
Unauthenticated and Name/Password. In the first two cases the
authentication is anonymous (empty password).

When an LDAP server is used for authentication, SSSD issues a Simple Bind
request to the server and, depending on the answer, grants or denies
access. However, if the LDAP server allows the Unauthenticated mode and a
blank password is supplied, the Unauthenticated mode is used instead of
Name/Password. The LDAP server then reports a successful bind, and SSSD
grants access as if the user had been authenticated.

An attacker can therefore connect via SSSD to an account without knowing
its password.
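To make the failure mode concrete, here is an added example that is not part of the Vigil@nce bulletin nor of SSSD's own code: a mock LDAP server implementing the three Simple Bind modes over a constructed directory, beside the client-side check (refuse an empty password before binding and require a non-anonymous bind result) that closes the hole. The DN and password are constructed values.

```python
# Added example (not from the bulletin or from SSSD): model of the three
# Simple Bind modes and of a client that trusts bind success alone versus
# one that refuses empty passwords and checks who actually got bound.
from dataclasses import dataclass
from typing import Optional

# Constructed directory: DN -> password. No real server is contacted.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": "correct horse battery staple",
}


@dataclass
class BindResult:
    success: bool
    authz_id: Optional[str]  # DN the server considers bound; None = anonymous


def ldap_simple_bind(dn: str, password: str, allow_unauthenticated: bool) -> BindResult:
    """Mock LDAP server: Anonymous, Unauthenticated and Name/Password modes."""
    if dn == "" and password == "":
        return BindResult(True, None)  # Anonymous mode
    if dn != "" and password == "":
        # Unauthenticated mode: bind "succeeds" if the server allows it,
        # but the session remains anonymous (nobody was authenticated).
        return BindResult(allow_unauthenticated, None)
    stored = DIRECTORY.get(dn)  # Name/Password mode
    if stored is not None and stored == password:
        return BindResult(True, dn)
    return BindResult(False, None)


def authenticate_vulnerable(dn: str, password: str, allow_unauthenticated: bool) -> bool:
    """Grants access on bind success alone, the behaviour the bulletin describes."""
    return ldap_simple_bind(dn, password, allow_unauthenticated).success


def authenticate_fixed(dn: str, password: str, allow_unauthenticated: bool) -> bool:
    """Never sends an empty password and requires the bound identity to be the user."""
    if not dn or not password:
        return False  # a blank password can only yield an anonymous session
    result = ldap_simple_bind(dn, password, allow_unauthenticated)
    return result.success and result.authz_id == dn
```

With a server that permits Unauthenticated mode, the first client accepts a blank password for alice while the second rejects it and still accepts her real password.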

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/SSSD-connexion-without-password-9885
