A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
References
Link | Resource |
---|---|
https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2022/dsa-5226 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-03-25T18:03:01
Updated: 2022-09-14T23:06:10
Reserved: 2022-03-22T00:00:00
Link: CVE-2022-1049
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-25T19:15:10.577
Modified: 2023-12-14T21:40:19.627
Link: CVE-2022-1049
JSON object: View
Redhat Information
No data.
CWE