CVE-2011-0438
nss-pam-ldapd 0.8.0 - Improper Authentication via PAM Module
Title source: llmDescription
nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://arthurdejong.org/nss-pam-ldapd/news.html#20110309
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46819
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66028
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8132
Patch x_refsource_misc
http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txt
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/msg00000.html
Scores
EPSS
0.0153
EPSS Percentile
71.5%
Details
CWE
CWE-287
Status
published
Products (1)
arthurdejong/nss-pam-ldapd
0.8.0
Published
Mar 15, 2011
Tracked Since
Feb 18, 2026