It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1503103 | Issue Tracking Third Party Advisory |
https://www.debian.org/security/2017/dsa-4025 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:2906 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:2905 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:2904 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html | Third Party Advisory |
Configurations
Information
Published : 2018-01-18 13:29
Updated : 2019-10-09 16:22
NVD link : CVE-2017-12197
Mitre link : CVE-2017-12197
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
debian
- debian_linux
libpam4j_project
- libpam4j
redhat
- enterprise_linux