Impact
When an authd user logs in via SSH for the first time (meaning they do not yet exist in the authd user database) and successfully authenticates via the configured broker, the user is considered a member of the root group in the context of that SSH session. This situation may allow the user to read and write files that are accessible by the root group, to which they should not have access. The user does not get root privileges or any capabilities beyond the access granted to the root group.
Preconditions under which this vulnerability affects a system
Patches
Fixed by ubuntu/authd@619ce8e
Workarounds
Configure the SSH server to not allow authenticating via authd, for example by setting UsePAM no
or KbdInteractiveAuthentication no
in the sshd_config
(see https://documentation.ubuntu.com/authd/stable/howto/login-ssh/#ssh-configuration).
References
Impact
When an authd user logs in via SSH for the first time (meaning they do not yet exist in the authd user database) and successfully authenticates via the configured broker, the user is considered a member of the root group in the context of that SSH session. This situation may allow the user to read and write files that are accessible by the root group, to which they should not have access. The user does not get root privileges or any capabilities beyond the access granted to the root group.
Preconditions under which this vulnerability affects a system
ssh_allowed_suffixes
option in the broker configuriation.allowed_users
option in the broker configuration.Patches
Fixed by ubuntu/authd@619ce8e
Workarounds
Configure the SSH server to not allow authenticating via authd, for example by setting
UsePAM no
orKbdInteractiveAuthentication no
in thesshd_config
(see https://documentation.ubuntu.com/authd/stable/howto/login-ssh/#ssh-configuration).References