CVE-2011-0438

Name of the Vulnerable Software and Affected Versions nss-pam-ldapd version 0.8.0

Description The issue is related to the PAM module nslcd/pam.c in nss-pam-ldapd, which returns a success code when a user is not found in LDAP. This allows a remote attacker to bypass the authentication procedure.

Recommendations For version 0.8.0, consider disabling the nslcd/pam.c PAM module until a patch is available to prevent remote attackers from bypassing authentication. Restrict access to the LDAP server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.