VYPR

Go modules package

github.com/ubuntu/authd

pkg:golang/github.com/ubuntu/authd

Vulnerabilities (3)

  • CVE-2025-5689Jun 16, 2025
    affected < 0.5.4fixed 0.5.4

    A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.

  • CVE-2024-9312Oct 10, 2024
    affected <= 0.0.0-20230706090440-d8cb2d561419

    Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

  • CVE-2024-9313Oct 3, 2024
    affected < 0.0.0-20240930103526-63e527496b01fixed 0.0.0-20240930103526-63e527496b01

    Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.