# Critical Vulnerability Information

## Vulnerability Title

Kerberos credential cache collection is world readable

## Severity

CVSS v3 Base Score: 7.1/10

- Attack Vector: Local
- Attack Complexity: Low
- Required Privileges: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None

## Affected Versions

- Affected Versions: >=0.8.0
- Fixed Versions: 1.2.0, 0.9.22

## Description

Himmelblau stores the received cloud TGT in the Kerberos credential cache during login. The created credential cache collection and the received credentials are stored with world-readable permissions.

## Details

In openSUSE Tumbleweed, the credential cache type and location are configured by the installed drop-in file:

The created cache directory is world-readable and has incorrect ownership:

The stored credentials are also world-readable:

## PoC

1. Install Himmelblau
2. Edit and set the domain
3. Log in using an Entra ID user

## Impact

User TGTs can be leaked, allowing attackers to impersonate users and access unauthorized resources.

## Temporary Mitigation

Remove all read access to the Himmelblau ccache except for the owner:
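As an added example (not code from the advisory or from the Himmelblau project), the following Python script audits a DIR-type Kerberos credential cache collection for the exposure described above and applies the owner-only permissions the temporary mitigation calls for. The collection path is read from `KRB5CCNAME` when it names a `DIR:` cache; otherwise the script runs against a constructed temporary layout. The file names `primary` and `tkt_*` follow the MIT Kerberos `DIR:` cache layout; the real Himmelblau cache path is not given on this page and is an assumption here.

```python
import os
import stat
import tempfile

# Mode bits that expose a credential cache to other local users. The
# advisory's finding is exactly these bits being set on the collection
# directory and on the ticket files inside it.
EXPOSED_BITS = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH


def _all_paths(ccache_dir):
    """Yield the collection directory itself and every entry under it."""
    yield ccache_dir
    for root, dirs, files in os.walk(ccache_dir):
        for name in dirs + files:
            yield os.path.join(root, name)


def audit_ccache_dir(ccache_dir, expected_uid):
    """Return a list of (path, octal_mode, reason) findings.

    Flags any entry readable or writable by group/others, and any entry
    not owned by the user whose tickets it is supposed to hold (the
    advisory notes both wrong permissions and wrong ownership)."""
    findings = []
    for path in _all_paths(ccache_dir):
        st = os.lstat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode & EXPOSED_BITS:
            findings.append((path, oct(mode), "accessible by group/others"))
        if st.st_uid != expected_uid:
            findings.append((path, oct(mode),
                             f"owned by uid {st.st_uid}, expected {expected_uid}"))
    return findings


def harden_ccache_dir(ccache_dir):
    """Restrict the collection to its owner: 0700 for directories, 0600 for
    files. Symlinks are skipped rather than followed. Returns the number of
    entries whose mode was changed."""
    changed = 0
    for path in _all_paths(ccache_dir):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue
        wanted = 0o700 if stat.S_ISDIR(st.st_mode) else 0o600
        if stat.S_IMODE(st.st_mode) != wanted:
            os.chmod(path, wanted)
            changed += 1
    return changed


def demo():
    """Build a constructed stand-in for a leaky DIR-type collection, audit
    it, harden it, and audit again.

    Returns (findings_before, entries_changed, findings_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Placeholder directory name; not Himmelblau's real cache path.
        collection = os.path.join(tmp, "krb5cc_dir")
        os.mkdir(collection)
        os.chmod(collection, 0o755)  # world-readable directory, as in the advisory
        for name in ("primary", "tkt_example"):  # names mimic the MIT krb5 DIR: layout
            path = os.path.join(collection, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed placeholder bytes, not a real ticket\n")
            os.chmod(path, 0o644)  # world-readable credential file
        me = os.getuid()
        before = audit_ccache_dir(collection, me)
        changed = harden_ccache_dir(collection)
        after = audit_ccache_dir(collection, me)
        return len(before), changed, len(after)


if __name__ == "__main__":
    target = os.environ.get("KRB5CCNAME", "")
    if target.startswith("DIR:"):
        # Audit the live collection; run harden_ccache_dir() on it to apply the mitigation.
        for finding in audit_ccache_dir(target[len("DIR:"):], os.getuid()):
            print(*finding)
    else:
        print(demo())
```

Run with `KRB5CCNAME=DIR:/path/to/collection` to audit a real collection as the owning user; without it the script exercises the constructed layout, where the directory plus two files yield three findings before hardening and none after.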