CVE-2005-2977

Name of the Vulnerable Software and Affected Versions PAM versions prior to 0.78 r3

Description The issue allows local users to perform brute force password guessing attacks via the unix chkpwd module, which does not log failed guesses or delay its responses.

Recommendations For versions prior to 0.78 r3, update to version 0.78 r3 or later to resolve the issue. As a temporary workaround, consider implementing additional logging and delay mechanisms for failed password guesses to minimize the risk of exploitation.