#VU98047 Improper Authentication in authd - CVE-2024-9313
Published: October 5, 2024 / Updated: April 24, 2026
Vulnerability identifier: #VU98047
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-9313
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
authd
authd
Software vendor:
Canonical Ltd.
Canonical Ltd.
Description
The vulnerability allows a remote user to impersonate other users.
The vulnerability exists due to an error in the authd PAM module that cal allow broker-managed users to impersonate any other user managed by the same
broker and perform any PAM operation with it, including authenticating
as them. A remote user can use tools such as su, sudo or ssh (and potentially others) that, so far, do not ensure that the PAM user at the end of the transaction is matching the one who initiated the transaction.
Remediation
Install updates from vendor's website.