
431 matches found

BDU FSTEC
added 2019/02/07 12:0 a.m. | 2 views

Vulnerability in the Pluggable Authentication Module (PAM) of the Linux operating system that allows an attacker to cause a denial of service.

The vulnerability in the Pluggable Authentication Module (PAM) of the Astra Linux operating system is caused by domain users being unable to obtain tokens during authentication when the connection to the domain server is lost. Exploiting this vulnerability could allow a malicious actor to...

4.3 CVSS | 5.5 AI score
Exploits 0

BDU FSTEC
added 2019/02/05 12:0 a.m. | 2 views

Vulnerability in the nss-pam-ldapd PAM module for handling NSS data for an LDAP server that allows an attacker to bypass the authentication process.

The vulnerability in the PAM module "nslcd/pam.c" for handling NSS data for the LDAP server nss-pam-ldapd is caused by a success code being returned when the user is not found in the LDAP database. Exploiting this vulnerability can allow a malicious actor to bypass the authentication process...

7.3 CVSS | 5.5 AI score | 0.01527 EPSS
Exploits 0 | References 4 | Affected Software 1

CNVD
added 2018/11/30 12:0 a.m. | 3 views

FreeRDP NTLM Authentication Module Out-of-Bounds Read Vulnerability

FreeRDP is a free, open source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. The NTLM Authentication module is one of its NTLM (NT LAN Manager) authentication modules. An out-of-bounds read vulnerability exists in the NTLM Authentication module in versions prior to...

7.5 CVSS | 8.3 AI score | 0.05238 EPSS
Exploits 1 | References 1

CNVD
added 2018/11/28 12:0 a.m. | 4 views

Micro Focus openSUSE Leap and SUSE Linux Enterprise PAM Access Bypass Vulnerabilities

Micro Focus openSUSE Leap and SUSE Linux Enterprise are two versions of the Linux operating system from Micro Focus in the U.K. PAM is the Pluggable Authentication Modules framework. An access bypass vulnerability exists in Micro Focus openSUSE Leap version 15.0 and PAM version 1.3.0 in...

9.3 CVSS | 7.5 AI score | 0.01342 EPSS
Exploits 0 | References 1

OSV
added 2018/10/10 6:29 p.m. | 1 views

CVE-2018-0052

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...

8.1 CVSS | 5.8 AI score
Exploits 0 | References 2

OSV
added 2018/07/03 1:29 a.m. | 2 views

CVE-2018-1113

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...

5.3 CVSS | 5.6 AI score | 0.00315 EPSS
Exploits 0 | References 3

CNVD
added 2018/06/21 12:0 a.m. | 3 views

NX-OS Software Remote Code Execution Vulnerability in Multiple Cisco Products

Cisco Nexus 2000 Series Switches are switching devices. Fabric Modules are switch matrix modules. NX-OS Software is a set of data center-grade operating system software that runs on them. An input validation vulnerability...

10 CVSS | 9.8 AI score | 0.1767 EPSS
Exploits 0 | References 1

Prion
added 2018/06/20 9:29 p.m. | 23 views

Buffer overflow

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...

10 CVSS | 9.8 AI score | 0.1767 EPSS
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2018/06/20 12:0 a.m. | 1 views

IBM WebSphere MQ Denial of Service Vulnerability (CNVD-2018-17157)

IBM WebSphere MQ is a messaging middleware product from IBM, USA. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A security vulnerability exists in IBM WebSphere MQ versions 8.0 and 9.0 that originates from the program's use of the...

5.3 CVSS | 5.1 AI score | 0.02205 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2018/06/18 1:33 a.m. | 23 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by a Pluggable Authentication Module (PAM) vulnerability (CVE-2013-7041)

Summary: A security vulnerability was discovered in PAM that is embedded in the IBM FSM. This bulletin addresses this vulnerability. Vulnerability Details: CVEID: CVE-2013-7041 DESCRIPTION: pam_userdb module for Pam could provide weaker than expected security, caused by an error in the strncasecmp...

4.3 CVSS | 0.6 AI score | 0.02484 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/18 12:10 a.m. | 52 views

Security Bulletin: A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem model V9000 (CVE-2015-3238)

Summary: There is a vulnerability in Linux Pluggable Authentication Module (PAM) to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability Details: CVEID:...

6.5 CVSS | 0.6 AI score | 0.02705 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/18 12:10 a.m. | 28 views

Security Bulletin: A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem model V840 (CVE-2015-3238)

Summary: There is a vulnerability in the Linux Pluggable Authentication Module (PAM) to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability Details: CVEID:...

6.5 CVSS | 0.4 AI score | 0.02705 EPSS
Exploits 1 | Affected Software 1

OSV
added 2018/03/26 3:29 p.m. | 2 views

ALPINE-CVE-2017-15710

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...

7.5 CVSS | 7 AI score | 0.18197 EPSS
Exploits 0 | References 1

OSV
added 2018/03/06 8:29 p.m. | 1 views

CVE-2018-1343

PAM exposure enabling unauthenticated access to remote host...

9.8 CVSS | 5.8 AI score | 0.01388 EPSS
Exploits 0 | References 3

BDU FSTEC
added 2017/11/23 12:0 a.m. | 4 views

Vulnerability in the Pluggable Authentication Module (PAM) of the Junos operating system that allows an attacker to execute arbitrary code.

The vulnerability in the Junos operating system's authentication module PAM exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause failures in the daemons that use PAM...

9.8 CVSS | 8.2 AI score | 0.02455 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2017/08/08 9:29 p.m. | 1 views

DEBIAN-CVE-2010-3845

libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log...

9.8 CVSS | 9.5 AI score | 0.01638 EPSS
Exploits 0 | References 1

Cvelist
added 2017/08/07 6:0 a.m. | 27 views

CVE-2017-6747

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An...

9.5 AI score | 0.05476 EPSS
Exploits 0 | References 2

CNVD
added 2017/06/29 12:0 a.m. | 4 views

Multiple Pivotal Product Session Fixation Vulnerabilities

Cloud Foundry is an open source cloud computing platform. UAA is a user authentication module, a Java Spring project. A session fixation vulnerability exists in multiple Pivotal products. An attacker could hijack arbitrary sessions and gain unauthorized access to affected applications...

8.1 CVSS | 7.2 AI score | 0.009 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2017/06/19 12:0 a.m. | 21 views

Debian DLA-988-1 : rt-authen-externalauth security update

It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI database mode is vulnerable. For Debian 7 'Wheezy', these problems have been fixed in version...

5.9 CVSS | 7 AI score | 0.01368 EPSS
Exploits 0 | References 3

CNVD
added 2017/05/24 12:0 a.m. | 2 views

Drupal Shibboleth authentication module access bypass vulnerability

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. Shibboleth Authentication is one of its authentication modules for user login and access. An access bypass vulnerability exists in the Drupal Shibboleth authentication module...

7.1 AI score
Exploits 0 | References 1