A Security Researcher with Github disclosed a 7-year-old issue with the way polkit, an authentication mechanism in most Linux distributions, issues permissions allowing for privileged user creation. All Linux distributions using systemd are affected. Polkit’s maintainers at RedHat were notified and released a fix on June 3^rd. The vulnerability was issued CVE-2021-3560. It is an interesting and fairly easy to exploit vulnerability involving the timing of polkit’s decision making. In the PoC released to exploit the vulnerability, two conditions must be met requiring the accountservice and gnome-control-center packages to be installed on the target system. A dbus-send command is issued to create a user account, but the process is killed before polkit has made its decision to allow the user to run the command, defaulting in the approval. After that, a password is created and issued in the same manner and a new user account with sudo privileges that the attacker can use is the result.