It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2017:2904 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:2905 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:2906 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1503103 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html | Third Party Advisory |
https://www.debian.org/security/2017/dsa-4025 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-01-18T21:00:00Z
Updated: 2018-02-02T10:57:01
Reserved: 2017-08-01T00:00:00
Link: CVE-2017-12197
JSON object: View
NVD Information
Status : Modified
Published: 2018-01-18T21:29:00.203
Modified: 2019-10-09T23:22:28.607
Link: CVE-2017-12197
JSON object: View
Redhat Information
No data.