DSA-4025-1 libpam4j -- libpam4j
|ID: oval:org.secpod.oval:def:603160||Date: (C)2017-12-04 (M)2018-02-07|
|Class: PATCH||Family: unix|
It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.