The SELinux version of PAM prior to 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pam pam |