
CVE-2020-27780

Published: 27 Oct 2020
Source: redhat
CVSS3: 8.1
EPSS: Low

Description

A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.

A flaw was found in Linux-PAM in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root and with an empty password, authentication is successful. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | pam | Not affected | | |
| Red Hat Enterprise Linux 6 | pam | Not affected | | |
| Red Hat Enterprise Linux 7 | pam | Not affected | | |
| Red Hat Enterprise Linux 8 | pam | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1901094 pam: authentication bypass when the user doesn't exist and root password is blank

EPSS: 0.00436 (percentile: 62%), Low

CVSS3: 8.1 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 5 years ago

A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.

CVSS3: 9.8
nvd
about 5 years ago

A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.

CVSS3: 9.8
msrc
about 5 years ago

A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.

CVSS3: 9.8
debian
about 5 years ago

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it ...

github
more than 3 years ago

A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.
