// For flags

CVE-2023-3326

Network authentication attack via pam_krb5

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.

*Credits: Taylor R Campbell <riastradh@NetBSD.org>
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-06-19 CVE Reserved
  • 2023-06-22 CVE Published
  • 2024-07-24 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
  • CWE-303: Incorrect Implementation of Authentication Algorithm
CAPEC
  • CAPEC-114: Authentication Abuse
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
< 12.4
Search vendor "Freebsd" for product "Freebsd" and version " < 12.4"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
>= 13.0 < 13.1
Search vendor "Freebsd" for product "Freebsd" and version " >= 13.0 < 13.1"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.4
Search vendor "Freebsd" for product "Freebsd" and version "12.4"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.4
Search vendor "Freebsd" for product "Freebsd" and version "12.4"
p1
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.4
Search vendor "Freebsd" for product "Freebsd" and version "12.4"
p2
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.4
Search vendor "Freebsd" for product "Freebsd" and version "12.4"
rc2-p1
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.4
Search vendor "Freebsd" for product "Freebsd" and version "12.4"
rc2-p2
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
b1-p1
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
b2-p2
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
p1
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
p2
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
p3
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
p4
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
p5
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
p6
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
p7
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.1
Search vendor "Freebsd" for product "Freebsd" and version "13.1"
rc1-p1
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.2
Search vendor "Freebsd" for product "Freebsd" and version "13.2"
-
Affected