VYPR
Unrated severityNVD Advisory· Published May 28, 2009· Updated Jun 16, 2026

CVE-2009-1384

CVE-2009-1384

Description

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Eyrie/Pam Krb53 versions
    cpe:2.3:a:eyrie:pam-krb5:2.2.14:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:eyrie:pam-krb5:2.2.14:*:*:*:*:*:*:*
    • cpe:2.3:a:eyrie:pam-krb5:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:eyrie:pam-krb5:2.3.4:*:*:*:*:*:*:*
  • Krb5/Krb5llm-fuzzy
    Range: >=2.2.14, <=2.3.4

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.