CVE-2014-3879

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
18/02/2020
Last modified:
27/02/2020

Description

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* 9.2 (including)