Unrated severityNVD Advisory· Published Nov 14, 2024· Updated Dec 23, 2025
Theft of credentials in Unix client PAGs
CVE-2024-10394
Description
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.