CVE-2013-0191
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0100 (1.0%)
Percentil: 77.0%
EPSS: 2026-05-06
Afecta
lucas_clemente_vella:libpam-pgsqlDescripción técnica
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
Publicada: 3/6/2014, 14:55:09
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://seclists.org/oss-sec/2013/q1/86
- http://seclists.org/oss-sec/2013/q1/99
- http://sourceforge.net/p/pam-pgsql/bugs/13/
- http://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
- http://www.securityfocus.com/bid/57440
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81363