CVE-2017-12197

MEDIUM

libpam4j <= 1.8 - Authentication Bypass: Disabled Accounts Accepted Because Account Validation Is Skipped

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-12197. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary: both tracked repositories package a vulnerable build of libpam4j, the Java binding for libpam, together with its PAM authentication path, so the flaw can be exercised in the context of the library itself. They are lab setups rather than standalone exploits: triggering the bug still requires a PAM-backed host where the tester controls a disabled account and knows its password.

Description

It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. PAM splits a login into separate stages: the auth stack (pam_authenticate) checks the credential, while the account stack (pam_acct_mgmt) is where account state such as expiry, lock-out and disabled status is enforced. libpam4j's authenticate() only ran the first stage, so a user holding a valid password for a disabled account could bypass the restriction and possibly access sensitive information through any application that relies on the library. Fixed releases add the pam_acct_mgmt call. Note the CVSS vector's PR:L: the attacker must already know the disabled account's password, so this is a failure to honour account state, not an unauthenticated bypass.
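To see the two PAM stages separately, here is an added probe, not code from libpam4j or from either PoC repository, written in Python with ctypes against Linux-PAM. It calls pam_authenticate and then pam_acct_mgmt the way a corrected client would, reports each result, and encodes the two decision rules side by side: accepted_by_vulnerable_client mirrors what libpam4j <= 1.8 did (auth stack only), accepted_by_fixed_client requires both stacks to pass. The account name pamprobe, its password and the login service in the usage comment are assumptions for a throwaway test host; the PAM constants are Linux-PAM's values.

```python
"""Probe a PAM service the way a libpam4j-backed app would, but run both stacks.
Added example, not libpam4j's own code: ctypes against Linux-PAM and libc.

Set up a throwaway account whose password is valid but whose account is
expired (one form of "disabled"), then run the probe as root (assumed names):
    useradd pamprobe && echo 'pamprobe:Secret123' | chpasswd
    chage -E 1970-01-02 pamprobe
    python3 pam_probe.py login pamprobe Secret123
"""
import ctypes
import ctypes.util
import sys

# Linux-PAM return codes and conversation message styles used below
PAM_SUCCESS = 0
PAM_AUTH_ERR = 7
PAM_ACCT_EXPIRED = 13
PAM_PROMPT_ECHO_OFF = 1      # "Password:" prompt, answered with the secret
PAM_PROMPT_ECHO_ON = 2       # echoing prompt (rare for login; answered the same way)


class PamMessage(ctypes.Structure):
    _fields_ = [("msg_style", ctypes.c_int), ("msg", ctypes.c_char_p)]


class PamResponse(ctypes.Structure):
    # resp is void* because it must hold a libc-malloc'd buffer: Linux-PAM
    # free()s every reply and the array itself, so Python-owned memory is unusable.
    _fields_ = [("resp", ctypes.c_void_p), ("resp_retcode", ctypes.c_int)]


CONV_FUNC = ctypes.CFUNCTYPE(
    ctypes.c_int, ctypes.c_int,
    ctypes.POINTER(ctypes.POINTER(PamMessage)),
    ctypes.POINTER(ctypes.POINTER(PamResponse)),
    ctypes.c_void_p)


class PamConv(ctypes.Structure):
    _fields_ = [("conv", CONV_FUNC), ("appdata_ptr", ctypes.c_void_p)]


def _load():
    """Bind the libpam/libc symbols the probe needs. Loaded lazily so the
    pure decision helpers below also work on hosts without PAM."""
    for name in ("pam", "c"):
        if ctypes.util.find_library(name) is None:
            raise OSError("lib%s not found; run this on a Linux-PAM host" % name)
    pam = ctypes.CDLL(ctypes.util.find_library("pam"))
    libc = ctypes.CDLL(ctypes.util.find_library("c"))
    pam.pam_start.argtypes = [ctypes.c_char_p, ctypes.c_char_p,
                              ctypes.POINTER(PamConv), ctypes.POINTER(ctypes.c_void_p)]
    for fn in (pam.pam_authenticate, pam.pam_acct_mgmt, pam.pam_end):
        fn.argtypes = [ctypes.c_void_p, ctypes.c_int]
        fn.restype = ctypes.c_int
    pam.pam_strerror.argtypes = [ctypes.c_void_p, ctypes.c_int]
    pam.pam_strerror.restype = ctypes.c_char_p
    libc.calloc.argtypes = [ctypes.c_size_t, ctypes.c_size_t]
    libc.calloc.restype = ctypes.c_void_p
    libc.strdup.argtypes = [ctypes.c_char_p]
    libc.strdup.restype = ctypes.c_void_p
    return pam, libc


def probe(service, user, password):
    """Return the raw results of pam_authenticate and pam_acct_mgmt for one login."""
    pam, libc = _load()
    secret = password.encode()

    def conv(num_msg, msg, resp, appdata):
        # Allocate the reply array and each answer with libc so PAM can free() them.
        replies = ctypes.cast(libc.calloc(num_msg, ctypes.sizeof(PamResponse)),
                              ctypes.POINTER(PamResponse))
        for i in range(num_msg):
            if msg[i].contents.msg_style in (PAM_PROMPT_ECHO_OFF, PAM_PROMPT_ECHO_ON):
                replies[i].resp = libc.strdup(secret)
        resp[0] = replies
        return PAM_SUCCESS

    callback = CONV_FUNC(conv)          # must stay referenced while the handle lives
    pconv = PamConv(callback, None)
    handle = ctypes.c_void_p()
    rc = pam.pam_start(service.encode(), user.encode(),
                       ctypes.byref(pconv), ctypes.byref(handle))
    if rc != PAM_SUCCESS:
        raise RuntimeError("pam_start failed: %d" % rc)
    try:
        auth = pam.pam_authenticate(handle, 0)   # auth stack: is the password right?
        acct = pam.pam_acct_mgmt(handle, 0)      # account stack: may this account log in?
        return {"authenticate": auth, "acct_mgmt": acct,
                "authenticate_msg": pam.pam_strerror(handle, auth).decode(),
                "acct_mgmt_msg": pam.pam_strerror(handle, acct).decode()}
    finally:
        pam.pam_end(handle, PAM_SUCCESS)


def accepted_by_vulnerable_client(result):
    """libpam4j <= 1.8 logic: success of the auth stack alone grants login."""
    return result["authenticate"] == PAM_SUCCESS


def accepted_by_fixed_client(result):
    """Corrected logic: the auth stack and the account stack must both succeed."""
    return (result["authenticate"] == PAM_SUCCESS
            and result["acct_mgmt"] == PAM_SUCCESS)


if __name__ == "__main__":
    res = probe(*sys.argv[1:4])
    for step in ("authenticate", "acct_mgmt"):
        print("%-13s rc=%-2d %s" % (step, res[step], res[step + "_msg"]))
    print("vulnerable client accepts:", accepted_by_vulnerable_client(res))
    print("fixed client accepts:     ", accepted_by_fixed_client(res))
```

On the expired test account the probe reports authenticate rc=0 but acct_mgmt rc=13 (PAM_ACCT_EXPIRED); a client that stops after pam_authenticate, as libpam4j <= 1.8 did, accepts the login, while the corrected rule rejects it. The same account stack is what returns PAM_NEW_AUTHTOK_REQD for a must-change password, so a client that requires PAM_SUCCESS from pam_acct_mgmt rejects that case too unless the application goes on to handle pam_chauthtok.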

Exploits (2)

nomisec WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-12197-libpam4j-vulnerable

This repository contains a vulnerable version of libpam4j, a Java binding for libpam, which is affected by CVE-2017-12197. The code includes the full implementation of the PAM authentication mechanism, demonstrating the vulnerability in the context of the library.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: libpam4j (version not stated in the repository; the CVE covers releases up to and including 1.8)
Authentication required: a valid password for the disabled or expired account
Prerequisites: access to a system that authenticates through libpam4j
devstral-2 · analyzed Mar 14, 2026
nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-12197-libpam4j-vulnerable

This repository contains a vulnerable version of libpam4j, a Java binding for libpam, which is affected by CVE-2017-12197. The code includes the full implementation of the PAM authentication mechanism, which can be used to demonstrate the vulnerability.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: libpam4j (version not stated in the repository; the CVE covers releases up to and including 1.8)
Authentication required: a valid password for the disabled or expired account
Prerequisites: access to a system that authenticates through libpam4j
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References (6)
Third Party Advisory (mailing list): https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html
Third Party Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:2904
Third Party Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:2905
Third Party Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:2906
Third Party Advisory (Debian): https://www.debian.org/security/2017/dsa-4025
Issue Tracking, Third Party Advisory (Red Hat Bugzilla): https://bugzilla.redhat.com/show_bug.cgi?id=1503103

Scores

CVSS v3 6.5
EPSS 0.0051
EPSS Percentile 66.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-20 CWE-863
Status published
Products (6)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
libpam4j_project/libpam4j <= 1.8
org.kohsuke:libpam4j (Maven) 0 - 1.10
redhat/enterprise_linux 6.0
Published Jan 18, 2018
Tracked Since Feb 18, 2026