CCE-96163-1| Platform: cpe:/o:suse:suse_linux_enterprise_server:15 | Date: (C)2022-09-27 (M)2023-07-04 |
Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
When the SUSE operating system provides the capability to change user authenticators, change security roles, or escalate a functional capability, it is critical the user reauthenticate.
Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158
Parameter:
[yes/no]
Technical Mechanism:
Fix:Configure the SUSE operating system to remove any occurrence of "NOPASSWD" or "!authenticate" found in the "/etc/sudoers" file. If the system does not use passwords for authentication, the "NOPASSWD" tag may exist in the file.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 9.9 | Attack Vector: NETWORK |
| Exploit Score: 3.1 | Attack Complexity: LOW |
| Impact Score: 6.0 | Privileges Required: LOW |
| Severity: CRITICAL | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84382 |
