CVE-2013-7041: Improper Control of Interaction Frequency in PAM

CWE-310 | 11 documents | 7 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 2.6% (top 14.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 8
Latest update: May 17

Description

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/pam | < pam 1.1.8-3.1 (bookworm)
Debian | pam/pam | < 1.1.8-3.1+3
Ubuntu | pam/pam | < 1.1.8-1ubuntu2.2+1

🔴 Vulnerability Details (4)

GHSA | GHSA-mcg8-3cr3-6hq9: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password vi | 2022-05-17
OSV | pam regression | 2016-03-16
OSV | pam vulnerabilities | 2016-03-16
OSV | CVE-2013-7041: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password vi | 2014-05-08

📋 Vendor Advisories (5)

Ubuntu | PAM regression | 2016-03-17
Ubuntu | PAM regression | 2016-03-16
Ubuntu | PAM vulnerabilities | 2016-03-16
Red Hat | pam: pam_userdb case insensitive password hash comparison | 2013-12-04
Debian | CVE-2013-7041: pam - The pam_userdb module for Pam uses a case-insensitive method to compare hashed p... | 2013

💬 Community (1)

Bugzilla | CVE-2013-7041 pam: pam_userdb case insensitive password hash comparison | 2013-12-05