CVE-2011-3172: unix2_chkpwd do not check for a valid account
First published: Wed Aug 31 2011(Updated: )
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Linux Enterprise Server | <12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2011-3172.
What is the severity level of CVE-2011-3172?
CVE-2011-3172 has a severity level of critical (9.8).
Which software is affected by CVE-2011-3172?
CVE-2011-3172 affects SUSE Linux Enterprise version prior to 12.
How does CVE-2011-3172 allow attackers to gain unauthorized access?
CVE-2011-3172 allows attackers to log into accounts that should have been disabled.
Is there a fix available for CVE-2011-3172?
Yes, a fix is available. Refer to the provided references for more information.
- agent/weakness
- agent/references
- agent/type
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/suse
- canonical/suse linux enterprise server