Weak Permissions in authd Allow Local Users to Obtain /etc/ident.key via Race Condition

Weak Permissions in authd Allow Local Users to Obtain /etc/ident.key via Race Condition

CVE-2016-4982 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:N/A:N

authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.

Learn more about our User Device Pen Test.