VULHUB ™

A timing attack has been described in Pluggable Authentication Modules (PAM) that could allow a remote user to determine if a username is valid. PAM could also disclose details as to whether a valid username has privileged or restricted access to the system. This information can be ascertained through analysis of the response time during PAM authentication. This issue could occur in any services that rely on PAM for authentication. A comprehensive list of affected PAM implementations is not available at this time. It is also not known whether this issue has been addressed in some PAM implementations.

A timing attack has been described in Pluggable Authentication Modules (PAM) that could allow a remote user to determine if a username is valid. PAM could also disclose details as to whether a valid username has privileged or restricted access to the system. This information can be ascertained through analysis of the response time during PAM authentication. This issue could occur in any services that rely on PAM for authentication. A comprehensive list of affected PAM implementations is not available at this time. It is also not known whether this issue has been addressed in some PAM implementations.