poppassd_pam: unauthorized password changing
| Package(s): | poppassd_pam | CVE #(s): | CAN-2005-0002 | ||||
| Created: | January 11, 2005 | Updated: | January 12, 2005 | ||||
| Description: | Gentoo Linux developer Marcus Hanwell discovered that poppassd_pam did not check that the old password was valid before changing passwords. Subsequent investigation revealed that poppassd_pam did not call pam_authenticate before calling pam_chauthtok. | ||||||
| Alerts: |
| ||||||