CVE-2006-6683

2006-12-2119:00:00

mitre

www.cve.org

cve-2006-6683

chetcpasswd

remote attackers

bypass

pam configuration

/etc/shadow

user accounts

AI Score

6.9

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454

www.securityfocus.com/bid/21102