Vulnerabilities

CVE-2014-3879

by Fred · 18/02/2020

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

Date published : 2020-02-18

http://www.securityfocus.com/bid/67808

http://www.openpam.org/browser/openpam/trunk/HISTORY

Similar

Tags: Cybersecurity Alert