CVE-2002-1227 — PAM vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PAM Debian PAM

Timeline

PublishedOct 28

Latest updateApr 30

Description

PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/pam< pam 0.76-6 (bookworm)

▶Debianpam/pam< 0.76-6+3

▶NVDpam/pam0.76

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-pw86-jwrv-pxmm: PAM 0↗2022-04-30

▶

OSV

CVE-2002-1227: PAM 0↗2002-10-28

▶

📋Vendor Advisories

Debian

CVE-2002-1227: pam - PAM 0.76 treats a disabled password as if it were an empty (null) password, whic...↗2002

▶