Authentication Bypass Vulnerability in Salt with PAM External Authentication

Authentication Bypass Vulnerability in Salt with PAM External Authentication

CVE-2016-3176 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

Learn more about our External Network Penetration Testing.