Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

authd

Source -

CNANVDADP

CNA CVEs -

1

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2025-5689
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-8.5||HIGH
EPSS-0.02% / 2.34%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 11:37
Updated-26 Aug, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Permission Management in SSH Session Handling

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.

Action-Not Available
Vendor-Canonical Ltd.
Product-authdauthd
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-9312
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG-0.00%
Published-10 Oct, 2024 | 13:42
Updated-26 Aug, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

Action-Not Available
Vendor-UbuntuCanonical Ltd.
Product-authdAuthdauthd
CWE ID-CWE-286
Incorrect User Management
CWE ID-CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
CVE-2024-9313
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.25%
||
7 Day CHG+0.18%
Published-03 Oct, 2024 | 11:04
Updated-26 Aug, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.

Action-Not Available
Vendor-Canonical Ltd.
Product-authdAuthd
CVE-2016-4982
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 23.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.

Action-Not Available
Vendor-teethern/a
Product-authdn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')