INCIBE has coordinated the publication of a vulnerability in Garuda Linux, with the internal code INCIBE-2021-0444, which has been discovered by Jesús Olmos at fox-it/nccgroup.
CVE-2021-3784 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
The issue is fixed in Garuda latest version.
Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account.
By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.
This vulnerability is already fixed in the last version of Garuda Linux.
CWE-285: Improper Authorization.
09/08/2021 - Researchers contact with INCIBE.
13/09/2021 - Garuda Linux fixes the vulnerability.
28/10/2021 - The advisory is published by INCIBE.
If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.