Canonical: >> Authd >> 0.3.5 Security Vulnerabilities
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-06-16
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-10-10