Security Advisory

CVE-2017-12173

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-07-27 16:00:00

Last updated 2024-08-05 18:28:16

Assigner redhat

State PUBLISHED

Description

It was found that sssds sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

← Browse all CVEs View on cve.org ↗