CVE-2014-3879 in FreeBSDinfo

Summary

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

05/27/2014

Moderation

VulDB entry created

Entries

1: VDB-13436

CPE

ready

CWE

CWE-287 (Confirmed)

CVSS

8.1

EPSS

0.01485

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-3879
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3879
CVE Details	https://www.cvedetails.com/cve/CVE-2014-3879/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!