PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
CVSS Score
7.5
EPSS Score
0.007
Published
2002-10-28