Description
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.
References
- Patch, Third Party Advisory
- Release Notes
- Third Party Advisory, VDB Entry
- Patch, VDB Entry, Vendor Advisory
Vulnerable configurations
Configuration 1: version up to 9.2 (inclusive)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
EPSS: 0.01485 (Low), percentile: 81%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.