The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-11-01
Updated
2017-10-11
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
Max CVSS
7.5
EPSS Score
0.76%
Published
2002-10-28
Updated
2008-09-05
Linux PAM modules allow local users to gain root access using temporary files.
Max CVSS
6.2
EPSS Score
0.04%
Published
1998-12-01
Updated
2022-08-17
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!