Unrated severityNVD Advisory· Published Mar 15, 2011· Updated Apr 29, 2026

CVE-2011-0438

Description

nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.

Affected products

Arthurdejong/Nss Pam Ldapd
cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txtnvdPatch
lists.arthurdejong.org/nss-pam-ldapd-announce/2011/msg00000.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/46819nvdPatch
arthurdejong.org/nss-pam-ldapd/news.htmlnvd
securityreason.com/securityalert/8132nvd
exchange.xforce.ibmcloud.com/vulnerabilities/66028nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000