CRITICAL🇬🇧 English

CVE-2020-27780

CVSS 9.8v3.1pub. 2020-12-18upd. 2024-11-21

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Pam

    APP
    Linux-Pam
    1.5.0 – 1.5.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-28321CRITICAL9.8ten sam produkt

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. Th...

CVE-2010-4708HIGH7.2ten sam produkt

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home d...

CVE-2024-10041MEDIUM4.7ten sam produkt

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger t...

CVE-2024-22365MEDIUM5.5ten sam produkt

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) v...

CVE-2015-3238MEDIUM6.5ten sam produkt

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable t...