6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.016 Low
EPSS
Percentile
87.3%
nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.
CPE | Name | Operator | Version |
---|---|---|---|
arthurdejong:nss-pam-ldapd | arthurdejong nss-pam-ldapd | eq | 0.8.0 |
arthurdejong.org/nss-pam-ldapd/news.html#20110309
lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txt
lists.arthurdejong.org/nss-pam-ldapd-announce/2011/msg00000.html
securityreason.com/securityalert/8132
www.securityfocus.com/bid/46819
exchange.xforce.ibmcloud.com/vulnerabilities/66028