CVE-2010-0833 — Improper Authentication in Cifs

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

0.9%

top 24.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Likewise Cifs Likewise Open

Timeline

PublishedJul 28

Latest updateMay 2

Description

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDlikewise/likewise_cifs5.4

▶NVDlikewise/likewise_open5.4, 6.0+1

Patches

Patch: www.likewise.com ↗Patch: www.likewise.com ↗

🔴Vulnerability Details

GHSA

GHSA-9p5c-9rhf-4q9x: The pam_lsass library in Likewise Open 5↗2022-05-02

▶

CVEList

CVE-2010-0833: The pam_lsass library in Likewise Open 5↗2010-07-27

▶

📋Vendor Advisories

Ubuntu

Likewise Open vulnerability↗2010-07-26

▶