VYPR

OpenPAM

by OpenPAM

CVEs (2)

  • CVE-2011-4122Nov 17, 2011
    risk 0.03cvss epss 0.01

    Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to…

  • CVE-2014-3879Feb 18, 2020
    risk 0.00cvss epss 0.03

    OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login…