pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2006-10-09 21:06
Updated : 2022-02-25 11:20
NVD link : CVE-2006-5170
Mitre link : CVE-2006-5170
JSON object : View
CWE
CWE-755
Improper Handling of Exceptional Conditions
Products Affected
fedoraproject
- fedora_core
redhat
- enterprise_linux_desktop
- enterprise_linux
- enterprise_linux_workstation
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_power_big_endian
- enterprise_linux_server
debian
- debian_linux