CVE-2023-3326: Network authentication attack via pam_krb5
First published: Thu Jun 22 2023(Updated: )
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.
Credit: secteam@freebsd.org secteam@freebsd.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD FreeBSD | <12.4 | |
| FreeBSD FreeBSD | >=13.0<13.1 | |
| FreeBSD FreeBSD | =12.4 | |
| FreeBSD FreeBSD | =12.4-p1 | |
| FreeBSD FreeBSD | =12.4-p2 | |
| FreeBSD FreeBSD | =12.4-rc2-p1 | |
| FreeBSD FreeBSD | =12.4-rc2-p2 | |
| FreeBSD FreeBSD | =13.1 | |
| FreeBSD FreeBSD | =13.1-b1-p1 | |
| FreeBSD FreeBSD | =13.1-b2-p2 | |
| FreeBSD FreeBSD | =13.1-p1 | |
| FreeBSD FreeBSD | =13.1-p2 | |
| FreeBSD FreeBSD | =13.1-p3 | |
| FreeBSD FreeBSD | =13.1-p4 | |
| FreeBSD FreeBSD | =13.1-p5 | |
| FreeBSD FreeBSD | =13.1-p6 | |
| FreeBSD FreeBSD | =13.1-p7 | |
| FreeBSD FreeBSD | =13.1-rc1-p1 | |
| FreeBSD FreeBSD | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-3326?
CVE-2023-3326 is a vulnerability in the pam_krb5 authentication module that allows unauthenticated users to gain unauthorized access to a system.
How does the pam_krb5 vulnerability work?
The pam_krb5 vulnerability allows an attacker to authenticate as any user without providing a valid password by exploiting a flaw in the Kerberos authentication process.
Which software versions are affected by CVE-2023-3326?
CVE-2023-3326 affects FreeBSD versions 12.4 up to but not including 13.2.
What is the severity of CVE-2023-3326?
CVE-2023-3326 has a severity rating of 9.8 out of 10, indicating a critical vulnerability.
How can I fix the pam_krb5 vulnerability?
To fix the pam_krb5 vulnerability, it is recommended to update to a patched version of FreeBSD.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/13.0
- version/freebsd freebsd/12.4
- version/freebsd freebsd/12.4-p1
- version/freebsd freebsd/12.4-p2
- version/freebsd freebsd/12.4-rc2-p1
- version/freebsd freebsd/12.4-rc2-p2
- version/freebsd freebsd/13.1
- version/freebsd freebsd/13.1-b1-p1
- version/freebsd freebsd/13.1-b2-p2
- version/freebsd freebsd/13.1-p1
- version/freebsd freebsd/13.1-p2
- version/freebsd freebsd/13.1-p3
- version/freebsd freebsd/13.1-p4
- version/freebsd freebsd/13.1-p5
- version/freebsd freebsd/13.1-p6
- version/freebsd freebsd/13.1-p7
- version/freebsd freebsd/13.1-rc1-p1
- version/freebsd freebsd/13.2