Default AdminIdentities in PolicyKit 0.103 Allows Local Users to Gain Root Privileges Without Authentication

Default AdminIdentities in PolicyKit 0.103 Allows Local Users to Gain Root Privileges Without Authentication

CVE-2011-4945 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.

Learn more about our User Device Pen Test.