Back to CVE Browser

CVE-2005-0002

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0870%

EPSS Percentile44.85th

PublishedMay 2, 2005

Last ModifiedApr 16, 2026

Vulnerability Description

poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.

Affected Platforms (CPE)

📦

Gentoo

Poppassd Pam

<= 1.0

References & Advisories

🔗 http://secunia.com/advisories/13865

🔗 http://security.gentoo.org/glsa/glsa-200501-22.xml

🔗 http://securitytracker.com/id?1012840

🔗 http://secunia.com/advisories/13865

🔗 http://security.gentoo.org/glsa/glsa-200501-22.xml

🔗 http://securitytracker.com/id?1012840

Related Vulnerabilities

CVE-2005-129910.0

The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

CVE-2005-266910.0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote at...

CVE-2005-266810.0

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before...

CVE-2005-103710.0

Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.