The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
Software | From | Fixed in |
---|---|---|
mod_auth_shadow / mod_auth_shadow | 1.0 | 1.0.x |
mod_auth_shadow / mod_auth_shadow | 1.1 | 1.1.x |
mod_auth_shadow / mod_auth_shadow | 1.2 | 1.2.x |
mod_auth_shadow / mod_auth_shadow | 1.3 | 1.3.x |
mod_auth_shadow / mod_auth_shadow | 1.4 | 1.4.x |