431 matches found
CVE-2001-1354
NetWin Authentication module NWAuth 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password...
NetWin DMail 2.x SurgeFTP 1.02.0 - Weak Password Encryption
NetWin DMail 2.x SurgeFTP 1.02.0 - Weak Password Encryption // source: https://www.securityfocus.com/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform passwor...
NetWin DMail 2.x / SurgeFTP 1.0/2.0 - Weak Password Encryption
// source: https://www.securityfocus.com/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform password encryption operations. As a result, it is trivial for an...
Access Restriction Bypass
Overview Affected versions of this package are vulnerable to Access Restriction Bypass. OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module PAM session if commands are executed with no pty, which allows local users to bypass resource limits rlimits set in pam.d. Remediatio...
DEBIAN-CVE-2001-1459
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module PAM session if commands are executed with no pty, which allows local users to bypass resource limits rlimits set in pam.d...
PT-2001-2550 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 2.9 and earlier Description: The issue allows local users to bypass resource limits rlimits set in pam.d because OpenSSH does not initiate a Pluggable Authentication Module PAM session when commands are executed with no pty...
CVE-2000-0957
The pam_mysql pluggable authentication module for MySQL (pam_mysql) before 0.4.7 is vulnerable due to insufficient cleansing of user input when constructing SQL statements. This can allow an attacker to obtain plaintext passwords or password hashes. The provided documents do not include exploitat...
CVE-2000-0957
The pluggable authentication module for mysql pammysql before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes...
CVE-2000-0957
The pluggable authentication module for mysql pammysql before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes...
pam_smb / pam_ntdom User Name Remote Overflow
The remote telnet server shuts the connection abruptly when given a long username followed by a password. Although Nessus could not be 100% positive, it may mean that the remote host is using an older pamsmb or pamntdom pluggable authentication module to validate user credentials against a NT...
CVE-1999-1158
Buffer overflow in 1 pluggable authentication module PAM on Solaris 2.5.1 and 2.5 and 2 unixscheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd...