CVE-2009-1384
pam-krb5 2.2.14-2.3.4 - Username Enumeration via Differential Password Prompts
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References (12)
Vendor Advisory [x_refsource_confirm]: https://bugzilla.redhat.com/show_bug.cgi?id=502602
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/35230
Third Party Advisory, VDB Entry [vdb-entry, signature, x_refsource_oval]: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/43314
Mailing List [mailing-list, x_refsource_mlist]: http://www.openwall.com/lists/oss-security/2009/05/27/1
Third Party Advisory, VDB Entry [vdb-entry, signature, x_refsource_oval]: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081
Vendor Advisory [vendor-advisory, x_refsource_mandriva]: http://www.mandriva.com/security/advisories?name=MDVSA-2010:054
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_osvdb]: http://osvdb.org/54791
Vendor Advisory [x_refsource_confirm]: http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Third Party Advisory, VDB Entry [mailing-list, x_refsource_bugtraq]: http://www.securityfocus.com/archive/1/516397/100/0/threaded
Third Party Advisory [vdb-entry, x_refsource_vupen]: http://www.vupen.com/english/advisories/2009/1448
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/35112
Scores
EPSS: 0.0333
EPSS Percentile: 87.1%
Details
CWE: CWE-287
Status: published
Products (3)
eyrie/pam-krb5 2.2.14
eyrie/pam-krb5 2.3
eyrie/pam-krb5 2.3.4
Published: May 28, 2009
Tracked Since: Feb 18, 2026