Redhat: >> Enterprise Linux For Ibm Z Systems >> 4.0_s390 Security Vulnerabilities
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
CVSS Score
7.5
EPSS Score
0.025
Published
2006-10-10