logo

Database

Lack of data validation In org.kohsuke:libpam4j

Description

Improper Input Validation in libpam4j It was found that libpam4j prior to 1.10 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-121972. NVD-2017-121973. OSV-2017-121974. GCVE-2017-121975. access.redhat.com6. access.redhat.com7. access.redhat.com8. lists.debian.org

References

1. https://github.com/kohsuke/libpam4j/issues/182. https://github.com/kohsuke/libpam4j/commit/02ffdff218283629ba4a902e7fe2fd44646abc213. https://bugzilla.redhat.com/show_bug.cgi?id=15031034. https://www.debian.org/security/2017/dsa-4025

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.