Altair Grid Engine Password Hash Disclosure Vulnerability

Vulnerability

A vulnerability exists in Altair Grid Engine versions prior to 2026.0.0, in which error messages are not properly handled during user authentication. This flaw lets a local attacker obtain password hash information for privileged accounts, which can then be attacked offline by brute force.

Impact

Exploitation of this vulnerability could lead to the extraction of password hashes for privileged accounts, allowing for offline brute-force attacks on those accounts.

Remediation

Users are advised to update Altair Grid Engine to version 2026.0.0 or later. For clusters not using the UGERest API/daemon, the setuid-root bit should be removed from the authentication user binaries. On non-Windows clusters, the setuid-root bit should be removed from the 'sgepasswd' binary.
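
The interim mitigation above can be checked and applied with a short script. This is an added example, not code from Altair or from this advisory: it lists the named binaries that still carry the setuid bit and clears the bit on request. The name "authuser" for the authentication user binary and the directory names in the usage note are assumptions; "sgepasswd" is the name given in the advisory.

```shell
#!/bin/sh
# Added example: audit and optionally clear the setuid bit on the binaries
# named in the remediation text. Adjust names and paths to the installation.

# Binary names to check. "sgepasswd" comes from the advisory (non-Windows
# clusters); "authuser" is an ASSUMED name for the authentication user
# binary and only applies to clusters not using the UGERest API/daemon.
SGE_SUID_NAMES="${SGE_SUID_NAMES:-sgepasswd authuser}"

# list_setuid ROOT
# Print the path of every regular file under ROOT whose name is in
# SGE_SUID_NAMES and which still has the setuid bit set.
list_setuid() {
    root=$1
    for name in $SGE_SUID_NAMES; do
        find "$root" -type f -name "$name" -perm -4000 -print
    done
}

# clear_setuid ROOT
# Show each match (owner and mode, for the change record), remove its
# setuid bit, then re-scan. Returns 0 only if no match remains.
clear_setuid() {
    root=$1
    list_setuid "$root" | while IFS= read -r f; do
        ls -l "$f"
        chmod u-s "$f"
    done
    [ -z "$(list_setuid "$root")" ]
}

# When SGE_ROOT points at an installation, run the read-only audit.
# Nothing is modified unless clear_setuid is called explicitly.
if [ -n "${SGE_ROOT:-}" ] && [ -d "$SGE_ROOT" ]; then
    list_setuid "$SGE_ROOT"
fi
```

Run the audit on every host that has its own copy of the binaries, and call clear_setuid as root only after confirming which of the two conditions in the remediation text applies to the cluster.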

Added: Nov 11, 2025, 9:37 PM
Updated: Nov 11, 2025, 9:37 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.