Unrated severityNVD Advisory· Published Feb 18, 2020· Updated Aug 6, 2024
CVE-2014-3879
CVE-2014-3879
Description
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenPAM/Nummulariadescription
Patches
Vulnerability mechanics
References
4- www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.ascmitrex_refsource_MISC
- www.openpam.org/browser/openpam/trunk/HISTORYmitrex_refsource_CONFIRM
- www.securityfocus.com/bid/67808mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1030330mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.