Vulnerabilities > CVE-2000-0957 - Unspecified vulnerability in PAM Mysql PAM Mysql

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

pam-mysql

NVD

Published: 2000-12-19

Updated: 2017-10-10

Summary

The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.

Vulnerable Configurations

Part	Description	Count
Application	Pam_Mysql PAM Mysql PAM Mysql 0.1 PAM Mysql PAM Mysql 0.2 PAM Mysql PAM Mysql 0.3 PAM Mysql PAM Mysql 0.4	4

References

http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/5447