CVE-2017-12197
Description
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.kohsuke:libpam4j (Maven) | < 1.10 | 1.10 |
Affected products
- Red Hat, Inc./libpam4j (Range: up to and including 1.8)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- access.redhat.com/errata/RHSA-2017:2904 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:2905 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:2906 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-x9rg-q5fx-fx66 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-12197 (ghsa, ADVISORY)
- www.debian.org/security/2017/dsa-4025 (ghsa, vendor-advisory, x_refsource_DEBIAN, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/kohsuke/libpam4j/commit/02ffdff218283629ba4a902e7fe2fd44646abc21 (ghsa, WEB)
- github.com/kohsuke/libpam4j/issues/18 (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2017/11/msg00008.html (ghsa, mailing-list, x_refsource_MLIST, WEB)