MidnightBSD

Advisories for libpam4j_project

CVE-2017-12197 MEDIUM

It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 9.0
libpam4j_project libpam4j *
debian debian_linux 8.0
redhat enterprise_linux 6.0