Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
SSSD 安全漏洞
Vulnerability Description
SSSD是一款用于管理对远程目录和身份验证机制访问的守护进程。 SSSD 1.16.0之前版本中的‘sysdb_search_user_by_upn_res()’函数存在安全漏洞,该漏洞源于在查询本地缓存时,程序没有过滤请求。攻击者可利用该漏洞检索密码散列。
CVSS Information
N/A
Vulnerability Type
N/A