Unrated severityNVD Advisory· Published Dec 6, 2014· Updated May 6, 2026

CVE-2014-9278

Description

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

Affected products

OpenBSD/OpenSSH
cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2015-0425.htmlnvd
thread.gmane.org/gmane.comp.encryption.kerberos.general/15855nvd
www.openwall.com/lists/oss-security/2014/12/02/3nvd
www.openwall.com/lists/oss-security/2014/12/04/17nvd
www.securityfocus.com/bid/71420nvd
bugzilla.mindrot.org/show_bug.cginvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/99090nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000