Vulnerability Note VU#249491
IBM AIX login fails to adequately authenticate user when configured to use loadable authentication modules
There is a remotely exploitable flaw in IBM's AIX 5.1L login when using loadable authentication modules. This does not affect AIX 4.3 and earlier.
IBM AIX 5.1L login, with loadable authentication modules enabled and some non-default configurations, will permit users to login with an invalid password. This can be used to gain root access to the system. IBM AIX 4.3 and earlier are not affected by this vulnerability. IBM has issued an advisory addressing this issue.
An intruder can gain root access to the system.
Disable integrated login permissions.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM||Affected||-||21 Dec 2001|
CVSS Metrics (Learn More)
Our thanks to IBM for the information contained in their advisory.
This document was written by Jason Rafail.
- CVE IDs: Unknown
- Date Public: 19 Dec 2001
- Date First Published: 21 Dec 2001
- Date Last Updated: 21 Dec 2001
- Severity Metric: 28.35
- Document Revision: 6
If you have feedback, comments, or additional information about this vulnerability, please send us email.