The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-11-01
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
CVSS Score
7.5
EPSS Score
0.007
Published
2002-10-28
Linux PAM modules allow local users to gain root access using temporary files.
CVSS Score
6.2
EPSS Score
0.001
Published
1998-12-01