CVE-2020-27780
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-27780
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux-pam 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux-pam是Linux-pam团队的一款用于Linux的支持插拔式的系统身份验证软件。 Linux-Pam 存在授权问题漏洞,攻击者可利用该漏洞可以通过Linux-Pam的root空密码绕过限制,从而升级他的特权。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | pam | pam 1.5.1 | - |
II. Public POCs for CVE-2020-27780
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-27780
请登录查看更多情报信息。
Vendor Advisories for CVE-2020-27780 (1)
- https://bugzilla.redhat.com/show_bug.cgi?id=1901094x_refsource_MISC
Same Patch Batch · n/a · 2020-12-17 · 43 CVEs total
| CVE-2020-20138 | CMS Made Simple (CMSMS) 跨站脚本漏洞 | |
| CVE-2020-35453 | HashiCorp Vault Enterprise’s Sentinel EGP 输入验证错误漏洞 | |
| CVE-2020-13931 | Apache TomEE 授权问题漏洞 | |
| CVE-2020-13528 | Lantronix Xport Edge 安全漏洞 | |
| CVE-2020-13509 | NZXT CAM 信息泄露漏洞 | |
| CVE-2020-13518 | NZXT CAM 信息泄露漏洞 | |
| CVE-2020-13517 | NZXT CAM 信息泄露漏洞 | |
| CVE-2020-13516 | NZXT CAM 信息泄露漏洞 | |
| CVE-2020-14232 | HCL Notes 安全漏洞 | |
| CVE-2020-13511 | NZXT CAM 信息泄露漏洞 | |
| CVE-2020-13527 | Lantronix Xport Edge 跨站请求伪造漏洞 | |
| CVE-2020-20139 | Flexmonster Pivot Table & Charts 跨站脚本漏洞 | |
| CVE-2020-20140 | Flexmonster Pivot Table & Charts 跨站脚本漏洞 | |
| CVE-2020-20141 | Flexmonster Pivot Table & Charts 跨站脚本漏洞 | |
| CVE-2020-20142 | Flexmonster Pivot Table & Charts 跨站脚本漏洞 | |
| CVE-2020-35545 | Spotweb SQL注入漏洞 | |
| CVE-2020-35490 | FasterXML jackson-databind 代码问题漏洞 | |
| CVE-2020-35491 | FasterXML jackson-databind 代码问题漏洞 | |
| CVE-2020-35489 | Wordpress contact-form-7 代码问题漏洞 | |
| CVE-2020-22083 | Jsonpickle 代码问题漏洞 |
Showing top 20 of 43 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-287
- CVE-2026-47280
Azure Resource Manager Elevation of Privilege Vulnerability - CVE-2026-41076
RT: LDAP authentication bypass via empty password - CVE-2026-39969
TypeBot: WhatsApp Webhook Endpoint Missing Signature Verific - CVE-2026-32253
Sunshine: Authentication bypass via improper client certific - CVE-2026-44058
Authentication bypass via admin auth user
V. Comments for CVE-2020-27780
No comments yet