VYPR

Authd

by Canonical

CVEs (6)

  • CVE-2026-6970 | High | Apr 27, 2026
    risk 0.40 | cvss | epss 0.00

    authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the…

  • CVE-2026-32984 | Low | Mar 27, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on…

  • CVE-2023-7340 | Low | Mar 27, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability…

  • CVE-2025-5689 | Jun 16, 2025
    risk 0.00 | cvss | epss 0.00

    A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user logging in for the first time will be considered to be part of the root group in the context of that SSH session.

  • CVE-2024-9312 | Oct 10, 2024
    risk 0.00 | cvss | epss 0.00

    Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

  • CVE-2024-9313 | Oct 3, 2024
    risk 0.00 | cvss | epss 0.01

    Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.