VDB

MAGEIA-2018-234

MAGEIA-2018-234 PUBLISHED

It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt() during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in (CVE-2017-12197).

Affected Products

VendorProductVersions
Mageialibpam4j1.8-7.1.mga6, 0

Timeline

  • May 16, 2018 CVE Updated
  • May 16, 2018 CVE Published
  • Mar 17, 2026 Distribution Patch
  • Mar 17, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›