Vulnerabilities > CVE-2020-27780 - Unspecified vulnerability in Linux-Pam 1.5.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

linux-pam

critical

NVD

Published: 2020-12-18

Updated: 2024-11-21

Summary

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.

Vulnerable Configurations

Part	Description	Count
Application	Linux-Pam Linux PAM Linux PAM 1.5.0	1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1901094
https://bugzilla.redhat.com/show_bug.cgi?id=1901094