CVE-2014-3879
N/A
N/A
Summary
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/67808
- http://www.openpam.org/browser/openpam/trunk/HISTORY
- http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc
- http://www.securitytracker.com/id/1030330
References
- http://www.securityfocus.com/bid/67808
- http://www.openpam.org/browser/openpam/trunk/HISTORY
- http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc
- http://www.securitytracker.com/id/1030330
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.