Alpine 3.7
Access weakness #1

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:

freerdp/src/FreeRDP-24a752a70840f3e4b027ba7c020af71f2bcfd94a/libfreerdp/core/nla.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 access weakness.

 
		if (status != SEC_I_CONTINUE_NEEDED)
			break;

		have_context = TRUE;
	}

	/* Receive encrypted credentials */

	if (credssp_recv(credssp) < 0)
		return -1;

	if (credssp_decrypt_ts_credentials(credssp) != SEC_E_OK)
	{
		WLog_ERR(TAG, "Could not decrypt TSCredentials status: 0x%08X", status);
		return 0;
	}

	if (status != SEC_E_OK)
	{
		WLog_ERR(TAG, "AcceptSecurityContext status: 0x%08X", status);
		return 0;
	}

	status = credssp->table->ImpersonateSecurityContext(&credssp->context);

	if (status != SEC_E_OK)
	{
		WLog_ERR(TAG, "ImpersonateSecurityContext status: 0x%08X", status);
		return 0;
	}
	else
	{
		status = credssp->table->RevertSecurityContext(&credssp->context);

		if (status != SEC_E_OK)
		{
			WLog_ERR(TAG, "RevertSecurityContext status: 0x%08X", status);
			return 0;
		}
	}

	credssp->table->FreeContextBuffer(pPackageInfo);
	return 1;
}

/**
 * Authenticate using CredSSP.
 * @param credssp
 * @return 1 if authentication is successful 
