CVE-2020-27780 log

Source
Severity High
Remote No
Type Authentication bypass
Description
An authentication bypass issue was found in pam 1.5.0. Nonexistent users could authenticate if the root password was empty.
Group Package Affected Fixed Severity Status Ticket
AVG-1297 pam 1.5.0-1 1.5.0-2 High Fixed
Date Advisory Group Package Severity Type
09 Dec 2020 ASA-202012-13 AVG-1297 pam High authentication bypass
References
https://github.com/linux-pam/linux-pam/blob/5b7ba35ebfd280c931933fedbf98cb7f4a8846f2/NEWS#L4-L5
https://github.com/linux-pam/linux-pam/pull/300
https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb