4 matches found
CVE-2014-3879
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login 1 without a passwor...
Authentication flaw
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login 1 without a passwor...
CVE-2014-3879
CVE-2014-3879 affects OpenPAM in FreeBSD’s PAM policy parser. When an include directive references a non-existent policy, the library may keep a partially loaded configuration, enabling a context-dependent bypass of authentication (login without a password or with an incorrect one). Affected: Ope...
CVE-2014-3879
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login 1 without a passwor...