Security Advisory

CVE-2014-3879

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-02-18 16:57:15

Last updated 2024-08-06 10:57:17

Assigner mitre

State PUBLISHED

Description

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

← Browse all CVEs View on cve.org ↗