CVE-2017-12197

CVE-2017-12197

Vendor Red Hat, Inc.
Product libpam4j
Weakness CWE-863 · Incorrect authorization
Published January 18, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.

Key dates

02Disclosure timeline

January 18, 2018 CVE published
August 5, 2024 Record updated