A flaw was found in Linux-Pam in versions before 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux-pam linux-pam |