Lucene search
HistoryMay 02, 2005 - 4:00 a.m.
CVE-2005-0002
poppassd_pam
password change
remote attackers
security vulnerability
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.8%
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.
Affected configurations
Node
gentoopoppassd_pamRange≤1.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| gentoo:poppassd_pam | gentoo poppassd pam | le | 1.0 |
Related
gentoo
gentoo
poppassd_pam: Unauthorized password changing
2005-01-11 00:00:00
cvelist
cvelist
CVE-2005-0002
2005-01-19 05:00:00
nvd
nvd
CVE-2005-0002
2005-05-02 04:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200501-22 (poppassd_pam)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200501-22 (poppassd_pam)
2008-09-24 00:00:00
securityvulns
securityvulns
[ GLSA 200501-22 ] poppassd_pam: Unauthorized password changing
2005-01-13 00:00:00
nessus
nessus
GLSA-200501-22 : poppassd_pam: Unauthorized password changing
2005-02-14 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.8%
Related for CVE-2005-0002