CVE-2005-0002
poppassd_pam < 1.0 - Unauthenticated Arbitrary Password Change
Title source: llmDescription
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13865
Vendor Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200501-22.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1012840
Scores
EPSS
0.0093
EPSS Percentile
76.4%
Details
Status
published
Products (1)
gentoo/poppassd_pam
< 1.0
Published
May 02, 2005
Tracked Since
Feb 18, 2026