CVE-2020-27780: A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.
Overview
- Severity: Critical (CVSS 9.8)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Exploit Status: Not Exploited
- Patch Tuesday: 2020-Dec
- Released: 2020-12-22
- EPSS Score: 0.44% (percentile: 63.9%)
Affected Products (1)
Mariner
- cm1 pam 1.5.1-2 on CBL Mariner 1.0
Revision History
- 2020-12-22: Information published.