A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Advisories
Source ID Title
EUVD EUVD EUVD-2020-20284 A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-04T16:25:42.438Z

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27780

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-18T00:15:14.330

Modified: 2024-11-21T05:21:49.307

Link: CVE-2020-27780

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-10-27T00:00:00Z

Links: CVE-2020-27780 - Bugzilla

cve-icon OpenCVE Enrichment

No data.