VYPR
Unrated severityNVD Advisory· Published Feb 18, 2020· Updated Aug 6, 2024

CVE-2014-3879

CVE-2014-3879

Description

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenPAM/Nummulariadescription
  • OpenPAM/OpenPAMllm-fuzzy
    Range: 9.2 through 10.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.