← back
CVE-2014-3879

CVE-2014-3879

EPSS 2.7%
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.aschttp://www.openpam.org/browser/openpam/trunk/HISTORYhttp://www.securityfocus.com/bid/67808http://www.securitytracker.com/id/1030330