CVE-2014-3879
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.
Timeline
- 2014-05-27 CVE Reserved
- 2014-06-04 CVE Published
- 2024-07-16 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-287: Improper Authentication
References (4)
URL | Tag | Source |
---|---|---|
http://www.openpam.org/browser/openpam/trunk/HISTORY | Release Notes | |
http://www.securityfocus.com/bid/67808 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc | 2020-02-27 | |
http://www.securitytracker.com/id/1030330 | 2020-02-27 | |