CVE-2017-12197
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
| Software | From | Fixed in |
|---|---|---|
| libpam4j_project / libpam4j | - | 1.8.x |
| redhat / enterprise_linux | 6.0 | 6.0.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 7.0 | 7.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
org.kohsuke / libpam4j
|
- | 1.10 |
- https://access.redhat.com/errata/RHSA-2017:2904
- https://access.redhat.com/errata/RHSA-2017:2905
- https://access.redhat.com/errata/RHSA-2017:2906
- https://bugzilla.redhat.com/show_bug.cgi?id=1503103
- https://github.com/kohsuke/libpam4j/commit/02ffdff218283629ba4a902e7fe2fd44646abc21
- https://github.com/kohsuke/libpam4j/issues/18
- https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html
- https://www.debian.org/security/2017/dsa-4025
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime