4 matches found
Debian DSA-177-1 : pam -- serious security violation
A serious security violation in PAM was discovered. Disabled passwords i.e. those with '' in the password file were classified as empty password and access to such accounts is granted through the regular login procedure getty, telnet, ssh. This works for all such accounts whose shell field in the...
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty null password, which allows local and remote attackers to gain privileges as disabled users...
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty null password, which allows local and remote attackers to gain privileges as disabled users...
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty null password, which allows local and remote attackers to gain privileges as disabled users...