Required CVE Record Information
Description
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
References 6 Total
- lists.debian.org: [debian-lts-announce] 20171107 [SECURITY] [DLA 1165-1] libpam4j security update mailing-list
- access.redhat.com: RHSA-2017:2904 vendor-advisory
- access.redhat.com: RHSA-2017:2905 vendor-advisory
- access.redhat.com: RHSA-2017:2906 vendor-advisory
- debian.org: DSA-4025 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1503103
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- lists.debian.org: [debian-lts-announce] 20171107 [SECURITY] [DLA 1165-1] libpam4j security update mailing-list x_transferred
- access.redhat.com: RHSA-2017:2904 vendor-advisory x_transferred
- access.redhat.com: RHSA-2017:2905 vendor-advisory x_transferred
- access.redhat.com: RHSA-2017:2906 vendor-advisory x_transferred
- debian.org: DSA-4025 vendor-advisory x_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=1503103 x_transferred