CVE-2014-3879

CVE-2014-3879

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

Source: CVE-2014-3879

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다