Vigil@nce - SSSD: connection without password

September 2010 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can connect via SSSD and LDAP with an account without knowing the password.

Severity: 2/4

Creation date: 26/08/2010

DESCRIPTION OF THE VULNERABILITY

The SSSD daemon handles access to remote identity and authentication resources.

LDAP offers an authentication mechanism called Simple Bind, which takes two arguments (username and password). Three modes are defined: Anonymous, Unauthenticated and Name/Password. In the first two cases the authentication is anonymous (empty password).

When an LDAP server is used for authentication, SSSD issues a Simple Bind request to the server and, depending on the answer, allows or denies access. However, if the LDAP server allows the Unauthenticated mode and a blank password is supplied, the Unauthenticated mode is used instead of Name/Password. The LDAP server then reports the bind as successful, and SSSD in turn grants access.

An attacker can therefore connect via SSSD with an account without knowing its password.
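The failure mode above, as an added illustration that is not SSSD's or the bulletin's own code: a minimal model of the three Simple Bind modes of RFC 4513 section 5.1, a naive client that treats any successful bind as proof of identity, and a hardened client that rejects empty credentials before binding. The directory entry, the `allow_unauthenticated` server setting and the function names are assumptions made for the example.

```python
# Added illustration, not SSSD's own code. Models the LDAP Simple Bind
# modes of RFC 4513 section 5.1 and the client-side check that closes the hole.
from dataclasses import dataclass

# Constructed sample directory: DN -> password.
DIRECTORY = {"uid=alice,ou=people,dc=example,dc=com": "s3cret"}


@dataclass
class LdapServer:
    """Minimal model of a server's Simple Bind decision (RFC 4513 section 5.1)."""
    allow_unauthenticated: bool  # assumed server-side setting for the model

    def simple_bind(self, name: str, password: str) -> bool:
        if not name and not password:          # Anonymous mode
            return True
        if name and not password:              # Unauthenticated mode
            return self.allow_unauthenticated
        return DIRECTORY.get(name) == password  # Name/Password mode


def naive_authenticate(server: LdapServer, dn: str, password: str) -> bool:
    """Vulnerable pattern: a successful bind is taken as a password check,
    even though an empty password never reaches Name/Password mode."""
    return server.simple_bind(dn, password)


def hardened_authenticate(server: LdapServer, dn: str, password: str) -> bool:
    """Refuse empty credentials before binding, so an Unauthenticated or
    Anonymous bind can never be mistaken for a verified password."""
    if not dn or not password:
        return False
    return server.simple_bind(dn, password)
```

Rejecting the empty password on the client side is independent of the server's configuration, so it still protects hosts that bind to a directory the administrator does not control.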

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/S...
