CVE-2017-12197
libpam4j: Account check bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
Se ha descubierto que las versiones hasta, e incluyendo, la 1.8 de libpam4j no validan adecuadamente las cuentas de usuario al autenticarse, Un usuario con una contraseña válida para una cuenta deshabilitada podría omitir las restricciones de seguridad y acceder a información sensible.
It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
Red Hat Single Sign-On 7.1 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The Node.js adapter provides a simple module for authentication and authorization in Node.js applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-01 CVE Reserved
- 2017-10-17 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-863: Incorrect Authorization
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2904 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2017:2905 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2017:2906 | 2019-10-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1503103 | 2017-10-17 | |
| https://www.debian.org/security/2017/dsa-4025 | 2019-10-09 | |
| https://access.redhat.com/security/cve/CVE-2017-12197 | 2017-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libpam4j Project Search vendor "Libpam4j Project" | Libpam4j Search vendor "Libpam4j Project" for product "Libpam4j" | <= 1.8 Search vendor "Libpam4j Project" for product "Libpam4j" and version " <= 1.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||