Vigil@nce: pam_krb5, user detection
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can detect if a username is valid by looking at the
pam_krb5 prompt.
Severity: 1/4
Consequences: data reading
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 27/05/2009
IMPACTED PRODUCTS
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The pam_krb5 PAM module handles the authentication using the
Kerberos protocol.
When an attacker enters a valid username, the prompt is different
than the prompt for invalid usernames.
An attacker can therefore use a brute force attack to detect valid
usernames.
CHARACTERISTICS
Identifiers: 502602, BID-35112, CVE-2009-1384, VIGILANCE-VUL-8739
http://vigilance.fr/vulnerability/pam-krb5-user-detection-8739