Himmelblau Kerberos Credential Cache Permission Vulnerability
Vulnerability
A vulnerability exists in Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune, affecting versions from 0.8.0 up to (but not including) 0.9.22 and from 1.0.0-beta up to (but not including) 1.2.0. The application stores the cloud Ticket Granting Ticket (TGT) received during logon in a Kerberos credential cache that is world-readable. This improper permission setting could allow a local attacker to read a user's TGT, leading to impersonation and unauthorized resource access.
Impact
Exploitation of this vulnerability could result in the unauthorized disclosure of a user's Kerberos TGT, allowing an attacker to impersonate the user and access restricted resources.
Reproduction
To reproduce this vulnerability, install Himmelblau and log in with an Entra ID user. The credential cache will be created in a world-readable directory, accessible to all users.
Remediation
Users can upgrade to Himmelblau version 0.9.22 or 1.2.0, both of which address this vulnerability. Instructions for downloading these versions are available on the Himmelblau GitHub releases page.
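To confirm that no credential cache on a host is still readable beyond its owner, an audit along the following lines can be run as root. This is an added example, not code from the Himmelblau project: it assumes the cache is a FILE-type ccache in the MIT format (first byte 0x05, second byte a version from 1 to 4), the directory to scan is supplied by the operator because the advisory does not name the path, and the files in `demo()` are constructed samples.

```python
import os
import stat
import tempfile


def is_ccache(path):
    """True if the file starts like an MIT-format FILE: ccache (byte 0x05, then version 1-4)."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(2)
    except OSError:
        return False  # unreadable to the auditor; run as root for full coverage
    return len(head) == 2 and head[0] == 0x05 and 1 <= head[1] <= 4


def audit_ccaches(root):
    """Return (path, file_mode, dir_mode, exposure) for ccaches readable beyond their owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks planted in shared dirs
            if not stat.S_ISREG(st.st_mode) or not is_ccache(path):
                continue
            mode = stat.S_IMODE(st.st_mode)
            exposure = [label for bit, label in
                        ((stat.S_IRGRP, "group"), (stat.S_IROTH, "other")) if mode & bit]
            if exposure:
                findings.append((path, oct(mode), oct(dir_mode), exposure))
    return findings


def demo():
    """Constructed sample: one exposed ccache, one owner-only ccache, one unrelated file."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"cache_exposed": (b"\x05\x04" + bytes(16), 0o644),
                   "cache_private": (b"\x05\x04" + bytes(16), 0o600),
                   "notes.txt": (b"not a ccache", 0o644)}
        for name, (data, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        return [(os.path.basename(p), m, e) for p, m, _d, e in audit_ccaches(root)]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Any finding on a patched host points to a cache written before the upgrade; such a file should be destroyed so that a fresh logon recreates it with owner-only permissions.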
