CVE-2012-3492 — Improper Authentication in Project Condor

CWE-287 — Improper Authentication8 documents7 sources

Severity

6.4MEDIUMNVD

EPSS

0.7%

top 28.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor

Timeline

PublishedSep 28

Latest updateMay 17

Description

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶Debiancondor_project/condor< 7.8.2~dfsg.1-1+deb7u1+1

▶NVDcondor_project/condor14 versions+13

🔴Vulnerability Details

GHSA

GHSA-jf69-6wxx-cpxg: The filesystem authentication (condor_io/condor_auth_fs↗2022-05-17

▶

CVEList

CVE-2012-3492: The filesystem authentication (condor_io/condor_auth_fs↗2012-09-28

▶

OSV

CVE-2012-3492: The filesystem authentication (condor_io/condor_auth_fs↗2012-09-28

▶

📋Vendor Advisories

Red Hat

condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass↗2012-09-19

▶

Debian

CVE-2012-3492: condor - The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x bef...↗2012

▶

💬Community

Bugzilla

CVE-2012-3491 CVE-2012-3492 CVE-2012-3493 condor various flaws [fedora-all]↗2012-09-19

▶

Bugzilla

CVE-2012-3492 condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass↗2012-08-14

▶