3 matches found
CVE-2014-3879
CVE-2014-3879 affects OpenPAM in FreeBSD’s PAM policy parser. When an include directive references a non-existent policy, the library may keep a partially loaded configuration, enabling a context-dependent bypass of authentication (login without a password or with an incorrect one). Affected: Ope...
CVE-2014-3879
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login 1 without a passwor...
FreeBSD-SA-14:13.pam
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:13.pam Security Advisory The FreeBSD Project Topic: Incorrect error handling in PAM policy parser Category: contrib Module: pam Announced: 2014-06-03 Credits...