Skip to content

CPP: Pam Authorization Bypass #667

Closed
Closed
CPP: Pam Authorization Bypass#667
Labels
All For OneSubmissions to the All for One, One for All bounty
@ghost

Description

@ghost
ghost
opened on Apr 19, 2022

Query PR

github/codeql#8775

Language

C/C++

CVE(s) ID list

nvd.nist.gov/vuln/detail/CVE-2022-24755

CWE

CWE-285

Report

This is similar to #561 and #562.

Using pam_authenticate function call to grant access to a user can cause security issues. A pam_authenticate call only checks if the username and the password match. It does not check if the account is expired. Hence, a user with an expired login or an expired password can still login.

This PR aims to detect instances were an initiated PAM Transaction calls pam_authenticate but does not call pam_acct_mgtmt.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    All For OneSubmissions to the All for One, One for All bounty

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions