CVE-2014-3879

2020-02-18T17:15:00
ID CVE-2014-3879
Type cve
Reporter cve@mitre.org
Modified 2020-02-27T15:52:00

Description

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.