Published: 28/05/2009 Updated: 10/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

pam_krb5 2.2.14 up to and including 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eyrie pam-krb5 2.2.14
eyrie pam-krb5 2.3.4
eyrie pam-krb5 2.3

Synopsis Low: pam_krb5 security and bug fix update Type/Severity Security Advisory: Low Topic Updated pam_krb5 packages that fix one security issue and various bugs arenow available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having lowsecurity impact A Common ...

CWE-287 https://bugzilla.redhat.com/show_bug.cgi?id=502602 http://www.securityfocus.com/bid/35112 http://www.openwall.com/lists/oss-security/2009/05/27/1 http://osvdb.org/54791 http://secunia.com/advisories/35230 http://www.vupen.com/english/advisories/2009/1448 http://www.mandriva.com/security/advisories?name=MDVSA-2010:054 http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://secunia.com/advisories/43314 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081 http://www.securityfocus.com/archive/1/516397/100/0/threaded https://access.redhat.com/errata/RHSA-2010:0258 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1384

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect