CVE-2017-12197

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12197

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12197.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-12197

Aliases

GHSA-x9rg-q5fx-fx66

Related

Published

2018-01-18T21:29:00Z

Modified

2024-09-03T01:38:50.118027Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.

References

Affected packages

Git / github.com/kohsuke/libpam4j

Affected ranges

Type: GIT
Repo: https://github.com/kohsuke/libpam4j
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b4a4cb04a79cdc629ec43421e95c498239c08ff6

Affected versions

libpam4j-1.*

libpam4j-1.5

libpam4j-1.6

libpam4j-1.7

libpam4j-1.8