PT-2014-2431 · Unknown · Libpam-Pgsql

Lucas Clemente Vella

Published

2014-06-03

Updated

2017-08-29

CVE-2013-0191

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions libpam-pgsql version 0.7

Description The issue allows remote attackers to bypass authentication by providing a crafted password, due to the improper handling of a NULL value returned by the password search query.

Recommendations For libpam-pgsql version 0.7, update to a version that properly handles NULL values from the password search query to prevent authentication bypass.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2013-0191

Affected Products

Libpam-Pgsql

PT-2014-2431 · Unknown · Libpam-Pgsql

CVE-2013-0191

Weakness Enumeration

Related Identifiers

Affected Products

References · 12