Brute Force Password Guessing Vulnerability in SELinux PAM

Brute Force Password Guessing Vulnerability in SELinux PAM

CVE-2005-2977 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.