CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
66.3%
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
Vendor | Product | Version | CPE |
---|---|---|---|
pedro_lineu_orso | chetcpasswd | * | cpe:2.3:a:pedro_lineu_orso:chetcpasswd:*:*:*:*:*:*:*:* |
pedro_lineu_orso | chetcpasswd | 1.12 | cpe:2.3:a:pedro_lineu_orso:chetcpasswd:1.12:*:*:*:*:*:*:* |
pedro_lineu_orso | chetcpasswd | 2.1 | cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.1:*:*:*:*:*:*:* |
pedro_lineu_orso | chetcpasswd | 2.2.1 | cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.2.1:*:*:*:*:*:*:* |
pedro_lineu_orso | chetcpasswd | 2.3.1 | cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.3.1:*:*:*:*:*:*:* |
pedro_lineu_orso | chetcpasswd | 2.3.3 | cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.3.3:*:*:*:*:*:*:* |