PT-2020-7664 · Openiam · Openam

Published: 2020-02-18 · Updated: 2020-02-27 · CVE-2014-3879

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: OpenPAM versions 9.2 through 10.0

Description: The issue arises from improper error handling when an include directive refers to a non-existent policy: instead of being discarded, the partially loaded policy chain stays in effect. This allows attackers to bypass authentication in two ways: by logging in without a password, or by logging in with an incorrect password.

Recommendations: For OpenPAM versions 9.2 through 10.0, update to a version that properly handles errors for non-existent policies, so that the authentication bypass is prevented.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2014-3879

Affected Products

Openam