CVE-2002-1227 Information

Description

PAM 0.76 treats a disabled password as if it were an empty (null) password which allows local and remote attackers to gain privileges as disabled users.

Reference

http://www.debian.org/security/2002/dsa-177 http://www.iss.net/security_center/static/10405.php http://www.securityfocus.com/bid/5994