2004-09-01 04:00:00
mitre
PUBLISHED
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.