Weak Permissions in Condor Filesystem Authentication Directory

Weak Permissions in Condor Filesystem Authentication Directory

CVE-2012-3492 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.

Learn more about our User Device Pen Test.