Name of the Vulnerable Software and Affected Versions No specific software or version is mentioned, however, the issue is related to PAM (Pluggable Authentication Modules) and its implementation in a certain project, implying that the affected software is a PAM-based authentication system, but the exact name and version are not specified.

Description The issue arises from not invoking a call to pam acct mgmt after a successful call to pam authenticate, which can lead to an authorization bypass. This allows an attacker with expired credentials to still log in. The attack can be carried out over the network without requiring user interaction, and it has a high impact on confidentiality and a medium to high impact on integrity. An attacker may use this to access restricted parts of the system and gain access to confidential files.

Recommendations For the PAM-based authentication system, to fix this issue, invoke a call to pam acct mgmt after a successful call to pam authenticate. This ensures that the validity of a login is properly checked, preventing authorization bypass. At the moment, there is no information about a newer version that contains a fix for this vulnerability.